CVE-2021-41503

DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Published: Sep 24, 2021
Updated: Nov 8, 2023
CVE: CVE-2021-41503
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5.2
AV:A/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
d-link / dcs-5000l_firmware	1.05	1.05.x
dlink / dcs-932l_firmware	-	2.17.x

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247
https://www.dlink.com/en/security-bulletin/

Vulnerability Database

289,697

CVE-2021-41503