Details of VAR-201507-0690

ID

VAR-201507-0690

TITLE

D-Link DCS-2103 HTML Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2015-05259

DESCRIPTION

D-link DCS-2103 is a network camera product from D-Link. D-Link DCS-2103 has an HTML injection vulnerability and a cross-site request forgery vulnerability. A remote attacker could use these vulnerabilities to perform unauthorized operations, execute arbitrary scripts or HTML code in the context of a browser, and steal cookie-based authentication. Other attacks are also possible

Trust: 1.89

sources: CNVD: CNVD-2015-05259 // CNVD: CNVD-2015-05258 // CNNVD: CNNVD-201508-070 // BID: 76096

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2015-05259 // CNVD: CNVD-2015-05258

AFFECTED PRODUCTS

vendor:	d link	model:	dcs-2103	scope:	-	version:	-	Trust: 1.2
vendor:	d link	model:	dcs-2103	scope:	eq	version:	1.0.0	Trust: 0.3

sources: CNVD: CNVD-2015-05259 // CNVD: CNVD-2015-05258 // BID: 76096

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2015-05259
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2015-05258
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2015-05259
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2015-05258
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-05259 // CNVD: CNVD-2015-05258

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-070

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201508-070

EXTERNAL IDS

db:	BID	id:	76096	Trust: 2.1
db:	CNVD	id:	CNVD-2015-05259	Trust: 0.6
db:	CNVD	id:	CNVD-2015-05258	Trust: 0.6
db:	CNNVD	id:	CNNVD-201508-070	Trust: 0.6

sources: CNVD: CNVD-2015-05259 // CNVD: CNVD-2015-05258 // BID: 76096 // CNNVD: CNNVD-201508-070

REFERENCES

url:	http://www.securityfocus.com/bid/76096	Trust: 1.8
url:	http://websecurity.com.ua/7476/	Trust: 0.3
url:	http://www.dlink.com/	Trust: 0.3

sources: CNVD: CNVD-2015-05259 // CNVD: CNVD-2015-05258 // BID: 76096 // CNNVD: CNNVD-201508-070

CREDITS

MustLive

Trust: 0.9

sources: BID: 76096 // CNNVD: CNNVD-201508-070

SOURCES

db:	CNVD	id:	CNVD-2015-05259
db:	CNVD	id:	CNVD-2015-05258
db:	BID	id:	76096
db:	CNNVD	id:	CNNVD-201508-070

LAST UPDATE DATE

2022-05-17T02:01:10.335000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05259	date:	2015-08-14T00:00:00
db:	CNVD	id:	CNVD-2015-05258	date:	2015-08-14T00:00:00
db:	BID	id:	76096	date:	2015-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201508-070	date:	2015-08-12T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05259	date:	2015-08-14T00:00:00
db:	CNVD	id:	CNVD-2015-05258	date:	2015-08-14T00:00:00
db:	BID	id:	76096	date:	2015-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201508-070	date:	2015-07-29T00:00:00