CVE-2018-18441

CWE-200 — Information Exposure3 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 34.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dcs-2102 Firmware D-link Dcs-2121 Firmware D-link Dcs-2630l Firmware +15 more

Timeline

PublishedDec 20

Latest updateMay 14

Description

D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: /common/info.cgi, with no authentication. The configuration file includ…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages18 packages

▶NVDd-link/dcs-942lb1_firmware

▶NVDd-link/dcs-5222lb1_firmware

▶NVDdlink/dcs-942l_firmware

▶NVDd-link/dcs-2121_firmware

▶NVDd-link/dcs-820l_firmware

🔴Vulnerability Details

GHSA

GHSA-p3jp-mxwf-g5m3: D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration↗2022-05-14

▶

CVEList

CVE-2018-18441: D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration↗2018-12-20

▶