CVE-2018-18441: Infoleak
First published: Thu Dec 20 2018(Updated: )
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-link Dcs-936l Firmware | >=1.00 | |
| Dlink Dcs-936l | ||
| Dlink Dcs-942l Firmware | >=1.00 | |
| Dlink Dcs-942l | ||
| D-link Dcs-8000lh Firmware | >=1.00 | |
| Dlink Dcs-8000lh | ||
| D-link Dcs-942lb1 Firmware | >=1.00 | |
| Dlink Dcs-942lb1 | ||
| D-link Dcs-5222l Firmware | >=1.00 | |
| Dlink Dcs-5222l | ||
| D-link Dcs-825l Firmware | >=1.00 | |
| Dlink Dcs-825l | ||
| D-link Dcs-2630l Firmware | >=1.00 | |
| Dlink Dcs-2630l | ||
| D-link Dcs-820l Firmware | >=1.00 | |
| Dlink Dcs-820l | ||
| D-link Dcs-855l Firmware | >=1.00 | |
| Dlink Dcs-855l | ||
| D-link Dcs-2121 Firmware | >=1.00 | |
| Dlink Dcs-2121 | ||
| D-link Dcs-5222lb1 Firmware | >=1.00 | |
| Dlink Dcs-5222lb1 | ||
| Dlink Dcs-5020l Firmware | >=1.00 | |
| Dlink Dcs-5020l | ||
| Dlink Dcs-930l Firmware | >=1.00 | |
| Dlink Dcs-930l | ||
| D-link Dcs-8100lh Firmware | >=1.00 | |
| Dlink Dcs-8100lh | ||
| Dlink Dcs-932l Firmware | >=1.00 | |
| Dlink Dcs-932l | ||
| D-link Dcs-2102 Firmware | >=1.00 | |
| Dlink Dcs-2102 | ||
| Dlink Dcs-933l Firmware | >=1.00 | |
| Dlink Dcs-933l | ||
| Dlink Dcs-5030l Firmware | >=1.00 | |
| Dlink Dcs-5030l |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-18441?
CVE-2018-18441 is a vulnerability in the D-Link DCS series Wi-Fi cameras that exposes sensitive information regarding the device configuration.
Which devices are affected by CVE-2018-18441?
The affected devices include many of the DCS series cameras, such as DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and more.
What is the severity of CVE-2018-18441?
The severity of CVE-2018-18441 is high, with a CVSS base score of 7.5.
How does CVE-2018-18441 affect the affected devices?
CVE-2018-18441 exposes sensitive information regarding the device configuration, which can potentially lead to unauthorized access and compromise of the cameras.
How can I fix CVE-2018-18441?
To fix CVE-2018-18441, it is recommended to update the firmware of the affected devices to the latest version provided by D-Link.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/d-link
- canonical/d-link dcs-936l firmware
- version/d-link dcs-936l firmware/1.00
- vendor/dlink
- canonical/dlink dcs-936l
- canonical/dlink dcs-942l firmware
- version/dlink dcs-942l firmware/1.00
- canonical/dlink dcs-942l
- canonical/d-link dcs-8000lh firmware
- version/d-link dcs-8000lh firmware/1.00
- canonical/dlink dcs-8000lh
- canonical/d-link dcs-942lb1 firmware
- version/d-link dcs-942lb1 firmware/1.00
- canonical/dlink dcs-942lb1
- canonical/d-link dcs-5222l firmware
- version/d-link dcs-5222l firmware/1.00
- canonical/dlink dcs-5222l
- canonical/d-link dcs-825l firmware
- version/d-link dcs-825l firmware/1.00
- canonical/dlink dcs-825l
- canonical/d-link dcs-2630l firmware
- version/d-link dcs-2630l firmware/1.00
- canonical/dlink dcs-2630l
- canonical/d-link dcs-820l firmware
- version/d-link dcs-820l firmware/1.00
- canonical/dlink dcs-820l
- canonical/d-link dcs-855l firmware
- version/d-link dcs-855l firmware/1.00
- canonical/dlink dcs-855l
- canonical/d-link dcs-2121 firmware
- version/d-link dcs-2121 firmware/1.00
- canonical/dlink dcs-2121
- canonical/d-link dcs-5222lb1 firmware
- version/d-link dcs-5222lb1 firmware/1.00
- canonical/dlink dcs-5222lb1
- canonical/dlink dcs-5020l firmware
- version/dlink dcs-5020l firmware/1.00
- canonical/dlink dcs-5020l
- canonical/dlink dcs-930l firmware
- version/dlink dcs-930l firmware/1.00
- canonical/dlink dcs-930l
- canonical/d-link dcs-8100lh firmware
- version/d-link dcs-8100lh firmware/1.00
- canonical/dlink dcs-8100lh
- canonical/dlink dcs-932l firmware
- version/dlink dcs-932l firmware/1.00
- canonical/dlink dcs-932l
- canonical/d-link dcs-2102 firmware
- version/d-link dcs-2102 firmware/1.00
- canonical/dlink dcs-2102
- canonical/dlink dcs-933l firmware
- version/dlink dcs-933l firmware/1.00
- canonical/dlink dcs-933l
- canonical/dlink dcs-5030l firmware
- version/dlink dcs-5030l firmware/1.00
- canonical/dlink dcs-5030l