CVE-2018-18441: Infoleak
First published: Thu Dec 20 2018(Updated: )
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DCS-934L Firmware | >=1.00 | |
| D-Link DCS-936L | ||
| D-Link DCS-942L Firmware | >=1.00 | |
| D-Link DCS-942L Firmware | ||
| D-Link DCS-8000LH firmware | >=1.00 | |
| dlink DCS-8000LH | ||
| D-Link DCS-942LB1 firmware | >=1.00 | |
| D-Link DCS-942LB1 firmware | ||
| D-Link DCS-5222L firmware | >=1.00 | |
| D-Link DCS-5222L | ||
| D-Link DCS-825L firmware | >=1.00 | |
| dlink DCS-825L | ||
| D-Link DCS-2630L firmware | >=1.00 | |
| dlink DCS-2630L | ||
| D-Link DCS-820L firmware | >=1.00 | |
| dlink DCS-820L | ||
| D-Link DCS-855L Firmware | >=1.00 | |
| D-Link DCS-855L | ||
| dlink DCS-2121 firmware | >=1.00 | |
| dlink DCS-2121 firmware | ||
| D-Link DCS-5222LB1 | >=1.00 | |
| D-Link DCS-5222LB1 | ||
| dlink DCS-5020L | >=1.00 | |
| dlink DCS-5020L firmware | ||
| D-Link DCS-930L Firmware | >=1.00 | |
| D-Link DCS-930L | ||
| D-Link DCS-8100LH Firmware | >=1.00 | |
| dlink dcs-8100lh | ||
| dlink DCS-932L | >=1.00 | |
| dlink DCS-932L | ||
| D-Link DCS-2102 Firmware | >=1.00 | |
| D-Link DCS-2102 | ||
| dlink DCS-933L firmware | >=1.00 | |
| dlink DCS-933L firmware | ||
| D-Link DCS-5030L | >=1.00 | |
| D-Link DCS-5030L |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-18441?
CVE-2018-18441 is a vulnerability in the D-Link DCS series Wi-Fi cameras that exposes sensitive information regarding the device configuration.
Which devices are affected by CVE-2018-18441?
The affected devices include many of the DCS series cameras, such as DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and more.
What is the severity of CVE-2018-18441?
The severity of CVE-2018-18441 is high, with a CVSS base score of 7.5.
How does CVE-2018-18441 affect the affected devices?
CVE-2018-18441 exposes sensitive information regarding the device configuration, which can potentially lead to unauthorized access and compromise of the cameras.
How can I fix CVE-2018-18441?
To fix CVE-2018-18441, it is recommended to update the firmware of the affected devices to the latest version provided by D-Link.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- vendor/d-link
- canonical/d-link dcs-934l firmware
- version/d-link dcs-934l firmware/1.00
- vendor/dlink
- canonical/d-link dcs-936l
- canonical/d-link dcs-942l firmware
- version/d-link dcs-942l firmware/1.00
- canonical/d-link dcs-8000lh firmware
- version/d-link dcs-8000lh firmware/1.00
- canonical/dlink dcs-8000lh
- canonical/d-link dcs-942lb1 firmware
- version/d-link dcs-942lb1 firmware/1.00
- canonical/d-link dcs-5222l firmware
- version/d-link dcs-5222l firmware/1.00
- canonical/d-link dcs-5222l
- canonical/d-link dcs-825l firmware
- version/d-link dcs-825l firmware/1.00
- canonical/dlink dcs-825l
- canonical/d-link dcs-2630l firmware
- version/d-link dcs-2630l firmware/1.00
- canonical/dlink dcs-2630l
- canonical/d-link dcs-820l firmware
- version/d-link dcs-820l firmware/1.00
- canonical/dlink dcs-820l
- canonical/d-link dcs-855l firmware
- version/d-link dcs-855l firmware/1.00
- canonical/d-link dcs-855l
- canonical/dlink dcs-2121 firmware
- version/dlink dcs-2121 firmware/1.00
- canonical/d-link dcs-5222lb1
- version/d-link dcs-5222lb1/1.00
- canonical/dlink dcs-5020l
- version/dlink dcs-5020l/1.00
- canonical/dlink dcs-5020l firmware
- canonical/d-link dcs-930l firmware
- version/d-link dcs-930l firmware/1.00
- canonical/d-link dcs-930l
- canonical/d-link dcs-8100lh firmware
- version/d-link dcs-8100lh firmware/1.00
- canonical/dlink dcs-8100lh
- canonical/dlink dcs-932l
- version/dlink dcs-932l/1.00
- canonical/d-link dcs-2102 firmware
- version/d-link dcs-2102 firmware/1.00
- canonical/d-link dcs-2102
- canonical/dlink dcs-933l firmware
- version/dlink dcs-933l firmware/1.00
- canonical/d-link dcs-5030l
- version/d-link dcs-5030l/1.00