Details of VAR-201202-0352

ID

VAR-201202-0352

TITLE

D-Link DCS product 'security.cgi' Cross-Site Request Forgery Vulnerability

Trust: 0.8

sources: IVD: c66c74e8-1f72-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0857

DESCRIPTION

D-Link DCS is a camera device product. There is a vulnerability in D-Link DCS. Because the 'security.cgi' provided by the D-Link DCS product fails to properly filter the user-submitted input, it can trigger a cross-site request forgery attack. The attacker constructs a malicious URI, entice the user to access, and can perform malicious operations with administrator privileges. The D-Link DCS-900, DCS-2000, and DCS-5300 are prone to a cross-site request-forgery vulnerability. Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible. This issue affects D-Link DCS-900, DCS-2000, and DCS-5300

Trust: 0.99

sources: CNVD: CNVD-2012-0857 // BID: 52134 // IVD: c66c74e8-1f72-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:	['IoT', 'ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: c66c74e8-1f72-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0857

AFFECTED PRODUCTS

vendor:	d link	model:	dcs-900	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dcs-5300	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dcs-2000	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dcs-900	scope:	eq	version:	0	Trust: 0.3
vendor:	d link	model:	dcs-5300	scope:	eq	version:	0	Trust: 0.3
vendor:	d link	model:	dcs-2000	scope:	eq	version:	0	Trust: 0.3
vendor:	d link	model:	dcs-900 null	scope:	eq	version:	*	Trust: 0.2
vendor:	d link	model:	dcs-5300 null	scope:	eq	version:	*	Trust: 0.2
vendor:	d link	model:	dcs-2000 null	scope:	eq	version:	*	Trust: 0.2

sources: IVD: c66c74e8-1f72-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0857 // BID: 52134

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	c66c74e8-1f72-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

IVD:	c66c74e8-1f72-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

sources: IVD: c66c74e8-1f72-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-469

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201202-469

EXTERNAL IDS

db:	BID	id:	52134	Trust: 1.5
db:	CNVD	id:	CNVD-2012-0857	Trust: 0.8
db:	CNNVD	id:	CNNVD-201202-469	Trust: 0.6
db:	IVD	id:	C66C74E8-1F72-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: c66c74e8-1f72-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0857 // BID: 52134 // CNNVD: CNNVD-201202-469

REFERENCES

url:	http://www.securityfocus.com/bid/52134/	Trust: 0.6
url:	http://www.securityfocus.com/bid/52134	Trust: 0.6
url:	http://www.d-link.com	Trust: 0.3

sources: CNVD: CNVD-2012-0857 // BID: 52134 // CNNVD: CNNVD-201202-469

CREDITS

Rigan Iimrigan

Trust: 0.9

sources: BID: 52134 // CNNVD: CNNVD-201202-469

SOURCES

db:	IVD	id:	c66c74e8-1f72-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-0857
db:	BID	id:	52134
db:	CNNVD	id:	CNNVD-201202-469

LAST UPDATE DATE

2022-05-17T02:08:16.551000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-0857	date:	2012-02-27T00:00:00
db:	BID	id:	52134	date:	2012-02-23T00:00:00
db:	CNNVD	id:	CNNVD-201202-469	date:	2012-02-27T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	c66c74e8-1f72-11e6-abef-000c29c66e3d	date:	2012-02-27T00:00:00
db:	CNVD	id:	CNVD-2012-0857	date:	2012-02-27T00:00:00
db:	BID	id:	52134	date:	2012-02-23T00:00:00
db:	CNNVD	id:	CNNVD-201202-469	date:	2012-02-27T00:00:00