QwikSec

Security Database

CVE

CWE

Training

CVE-2017-8409

Published: Jul 2, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20190609 Newly releases IoT security issues

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRF-Stack-Overflow.html

x_refsource_MISC

https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_security.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.