CVE-2017-7852HIGHCVSS 8.8PoC≤ 1.13.002017-04-24
CVE-2017-7852 [HIGH] CWE-352 CVE-2017-7852: D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Fla
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malici
nvd