漏洞标题
N/A
漏洞描述信息
在D-Link DCS-1100和DCS-1130设备上发现了一个问题。该设备要求用户登录设备时提供用户名和密码。然而,该设备允许移动设备和桌面上的D-Link应用程序与设备进行无需身份验证的通信。作为通信的一部分,设备使用自定义版本的Base64编码来在应用程序和设备之间传递数据。然而,任何进程,包括在手机上或桌面上的攻击进程,都可以启动这种形式的对话,这使得第三方可以通过发送自定义Base64编码的UDP包来在没有身份验证的情况下获取设备密码。由于世界上有超过100,000个D-Link设备,这种攻击的严重程度被扩大了。
CVSS信息
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the device without any authentication. As a part of that communication, the device uses custom version of base64 encoding to pass data back and forth between the apps and the device. However, the same form of communication can be initiated by any process including an attacker process on the mobile phone or the desktop and this allows a third party to retrieve the device's password without any authentication by sending just 1 UDP packet with custom base64 encoding. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
D-Link DCS-1100和D-Link DCS-1130 信任管理问题漏洞
漏洞描述信息
D-Link DCS-1100和D-Link DCS-1130都是中国台湾友讯(D-Link)公司的一款网络摄像机。 D-Link DCS-1100和DCS-1130中存在安全漏洞。本地攻击者可通过发送简单的UDP数据包利用该漏洞访问管理界面,查看所拍摄的图像。
CVSS信息
N/A
漏洞类别
信任管理问题