Details of VAR-201110-0510

ID

VAR-201110-0510

TITLE

D-Link DCS-2121 Password Field Remote Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2011-4363

DESCRIPTION

The D-Link DCS-2121 is a network camera device. The D-Link DCS-2121 is based on the Linux embedded system. If the password field data is not properly filtered, the shell metacharacter (semicolon injection) can be injected and any command can be executed. D-Link DCS-2121 is prone to a remote command-execution vulnerability. Attackers can exploit this issue to execute arbitrary commands within the context of the affected device. D-Link DCS-2121 with firmware version 1.04 is vulnerable; other versions may also be affected

Trust: 0.81

sources: CNVD: CNVD-2011-4363 // BID: 50277

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-4363

AFFECTED PRODUCTS

vendor:

d link

model:

dcs-2121

scope:

version:

1.0.4

Trust: 0.9

sources: CNVD: CNVD-2011-4363 // BID: 50277

THREAT TYPE

network

Trust: 0.3

sources: BID: 50277

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 50277

EXTERNAL IDS

db:	BID	id:	50277	Trust: 0.9
db:	CNVD	id:	CNVD-2011-4363	Trust: 0.6

sources: CNVD: CNVD-2011-4363 // BID: 50277

REFERENCES

url:	http://newsoft-tech.blogspot.com/2010/09/d-link-dcs-2121-and-state-of-embedded.html	Trust: 0.9
url:	http://www.dlink.com/	Trust: 0.3

sources: CNVD: CNVD-2011-4363 // BID: 50277

CREDITS

Newsoft Tech Blog

Trust: 0.3

sources: BID: 50277

SOURCES

db:	CNVD	id:	CNVD-2011-4363
db:	BID	id:	50277

LAST UPDATE DATE

2022-05-17T01:41:34.648000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-4363	date:	2011-10-20T00:00:00
db:	BID	id:	50277	date:	2011-10-19T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-4363	date:	2011-10-20T00:00:00
db:	BID	id:	50277	date:	2011-10-19T00:00:00