First published: Thu Dec 20 2018(Updated: )
An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Mydlink Baby Camera Monitor | =2.04.06 | |
D-link Dcs-825l Firmware | =1.08 | |
Dlink Dcs-825l |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-18767 is high.
D-Link myDlink Baby App version 2.04.06 and D-Link 825L firmware 1.08 are affected by CVE-2018-18767.
CVE-2018-18767 allows an attacker to communicate directly with the Wi-Fi camera using base64 cleartext credentials.
No, D-Link DCS-825L is not vulnerable to CVE-2018-18767.
You can find more information about CVE-2018-18767 at this [link](https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/).