CVE-2023-51625

CWE-78OS Command Injection3 documents3 sources
Severity
8.0HIGH
EPSS
0.6%
top 31.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dlink Dcs-8300lhv2 FirmwareD-link Dcs-8300lhv2
Timeline
PublishedMay 3

Description

D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the ONVIF API, which listens on TCP port 80. When parsing the sch:TZ XML element,

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

CVEListV5d-link/dcs-8300lhv21.06.01

🔴Vulnerability Details

2
GHSA
GHSA-ggmh-38m7-9936: D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability2024-05-03
CVEList
D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability2024-05-03
CVE-2023-51625 (HIGH CVSS 8) | D-Link DCS-8300LHV2 ONVIF SetSystem | cvebase.io