First published: Thu Dec 20 2018(Updated: )
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
D-link Dcs-936l Firmware | >=1.00 | |
Dlink Dcs-936l | ||
Dlink Dcs-942l Firmware | >=1.00 | |
Dlink Dcs-942l | ||
D-link Dcs-8000lh Firmware | >=1.00 | |
Dlink Dcs-8000lh | ||
D-link Dcs-942lb1 Firmware | >=1.00 | |
Dlink Dcs-942lb1 | ||
D-link Dcs-5222l Firmware | >=1.00 | |
Dlink Dcs-5222l | ||
D-link Dcs-825l Firmware | >=1.00 | |
Dlink Dcs-825l | ||
D-link Dcs-2630l Firmware | >=1.00 | |
Dlink Dcs-2630l | ||
D-link Dcs-820l Firmware | >=1.00 | |
Dlink Dcs-820l | ||
D-link Dcs-855l Firmware | >=1.00 | |
Dlink Dcs-855l | ||
D-link Dcs-2121 Firmware | >=1.00 | |
Dlink Dcs-2121 | ||
D-link Dcs-5222lb1 Firmware | >=1.00 | |
Dlink Dcs-5222lb1 | ||
Dlink Dcs-5020l Firmware | >=1.00 | |
Dlink Dcs-5020l | ||
Dlink Dcs-930l Firmware | >=1.00 | |
Dlink Dcs-930l | ||
D-link Dcs-8100lh Firmware | >=1.00 | |
Dlink Dcs-8100lh | ||
Dlink Dcs-932l Firmware | >=1.00 | |
Dlink Dcs-932l | ||
D-link Dcs-2102 Firmware | >=1.00 | |
Dlink Dcs-2102 | ||
Dlink Dcs-933l Firmware | >=1.00 | |
Dlink Dcs-933l | ||
Dlink Dcs-5030l Firmware | >=1.00 | |
Dlink Dcs-5030l |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-18441 is a vulnerability in the D-Link DCS series Wi-Fi cameras that exposes sensitive information regarding the device configuration.
The affected devices include many of the DCS series cameras, such as DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and more.
The severity of CVE-2018-18441 is high, with a CVSS base score of 7.5.
CVE-2018-18441 exposes sensitive information regarding the device configuration, which can potentially lead to unauthorized access and compromise of the cameras.
To fix CVE-2018-18441, it is recommended to update the firmware of the affected devices to the latest version provided by D-Link.