7.5
CWE
200
Advisory Published
Updated

CVE-2018-18441: Infoleak

First published: Thu Dec 20 2018(Updated: )

D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
D-link Dcs-936l Firmware>=1.00
Dlink Dcs-936l
Dlink Dcs-942l Firmware>=1.00
Dlink Dcs-942l
D-link Dcs-8000lh Firmware>=1.00
Dlink Dcs-8000lh
D-link Dcs-942lb1 Firmware>=1.00
Dlink Dcs-942lb1
D-link Dcs-5222l Firmware>=1.00
Dlink Dcs-5222l
D-link Dcs-825l Firmware>=1.00
Dlink Dcs-825l
D-link Dcs-2630l Firmware>=1.00
Dlink Dcs-2630l
D-link Dcs-820l Firmware>=1.00
Dlink Dcs-820l
D-link Dcs-855l Firmware>=1.00
Dlink Dcs-855l
D-link Dcs-2121 Firmware>=1.00
Dlink Dcs-2121
D-link Dcs-5222lb1 Firmware>=1.00
Dlink Dcs-5222lb1
Dlink Dcs-5020l Firmware>=1.00
Dlink Dcs-5020l
Dlink Dcs-930l Firmware>=1.00
Dlink Dcs-930l
D-link Dcs-8100lh Firmware>=1.00
Dlink Dcs-8100lh
Dlink Dcs-932l Firmware>=1.00
Dlink Dcs-932l
D-link Dcs-2102 Firmware>=1.00
Dlink Dcs-2102
Dlink Dcs-933l Firmware>=1.00
Dlink Dcs-933l
Dlink Dcs-5030l Firmware>=1.00
Dlink Dcs-5030l

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2018-18441?

    CVE-2018-18441 is a vulnerability in the D-Link DCS series Wi-Fi cameras that exposes sensitive information regarding the device configuration.

  • Which devices are affected by CVE-2018-18441?

    The affected devices include many of the DCS series cameras, such as DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and more.

  • What is the severity of CVE-2018-18441?

    The severity of CVE-2018-18441 is high, with a CVSS base score of 7.5.

  • How does CVE-2018-18441 affect the affected devices?

    CVE-2018-18441 exposes sensitive information regarding the device configuration, which can potentially lead to unauthorized access and compromise of the cameras.

  • How can I fix CVE-2018-18441?

    To fix CVE-2018-18441, it is recommended to update the firmware of the affected devices to the latest version provided by D-Link.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203