D-Link Dcs-825L Firmware vulnerabilities

CVE-2018-18767 [HIGH] CWE-326 CVE-2018-18767: An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the

CVE-2018-18442 [HIGH] CVE-2018-18442: D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-s D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks includes SYN flooding, UDP flooding, ICMP flooding, and SYN-ACK flooding.

CVE-2018-18441 [HIGH] CWE-200 CVE-2018-18441: D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting fr