CVE-2021-41504 — Improper Privilege Management in Dlink Dcs-932l Firmware

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

8.0HIGHNVD

EPSS

0.2%

top 62.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dcs-932l Firmware Dlink Dcs-5000l Firmware

Timeline

PublishedSep 24

Latest updateMay 24

Description

An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

▶NVDdlink/dcs-932l_firmware2.17

▶NVDdlink/dcs-5000l_firmware1.05

🔴Vulnerability Details

GHSA

GHSA-55fp-xjf8-j279: ** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1↗2022-05-24

▶

CVEList

CVE-2021-41504: An Elevated Privileges issue exists in D-Link DCS-5000L v1↗2021-09-24

▶