First published: Fri Sep 24 2021(Updated: )
** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dcs-932l Firmware | <=2.17 | |
Dlink Dcs-932l | ||
Dlink Dcs-5000l Firmware | =1.05 | |
Dlink Dcs-5000l | ||
All of | ||
Dlink Dcs-932l Firmware | <=2.17 | |
Dlink Dcs-932l | ||
All of | ||
Dlink Dcs-5000l Firmware | =1.05 | |
Dlink Dcs-5000l |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-41504.
The affected software includes D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older.
The severity of CVE-2021-41504 is high with a severity value of 8.
The vulnerability allows malicious users to compromise the cameras' configuration and potentially gain elevated privileges.
You can find more information about this vulnerability in the following references: [Support Announcement](https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247) and [Security Bulletin](https://www.dlink.com/en/security-bulletin/).