CVE-2018-18767

CWE-3263 documents3 sources

Severity

7.0HIGH

EPSS

0.2%

top 61.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dcs-825l Firmware Dlink Mydlink Baby Camera Monitor

Timeline

PublishedDec 20

Latest updateMay 13

Description

An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

▶NVDdlink/mydlink_baby_camera_monitor2.04.06

▶NVDd-link/dcs-825l_firmware1.08

🔴Vulnerability Details

GHSA

GHSA-rjhq-673f-g5h2: An issue was discovered in D-Link 'myDlink Baby App' version 2↗2022-05-13

▶

CVEList

CVE-2018-18767: An issue was discovered in D-Link 'myDlink Baby App' version 2↗2018-12-20

▶