Executive Summary

Title: D-Link DCS-93xL model family allows unrestricted upload
Name: VU#377348
Vendor: VU-CERT
First vendor publication: 2015-03-16
Last vendor modification: 2015-03-16
Severity (vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A
Environmental score: N/A
Impact subscore: N/A
Temporal score: N/A
Exploitability subscore: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS base score: 9
CVSS impact score: 10
CVSS exploit score: 8
Attack range: Network
Attack complexity: Low
Authentication: Requires single instance

Detail

Vulnerability Note VU#377348

D-Link DCS-93xL model family allows unrestricted upload

Original Release date: 16 Mar 2015 | Last revised: 16 Mar 2015

Overview

The D-Link DCS-93xL family of devices (specifically the DCS-930L, DCS-931L, DCS-932L, and DCS-933L models) allows an attacker to upload arbitrary files from the attacker's system.

Description

CWE-434: Unrestricted Upload of File with Dangerous Type

The D-Link DCS-93xL family of devices allows an attacker to upload arbitrary files from the attacker's system. The attacker may specify the location on the device where the file is written. This could lead to data being created, modified, or deleted. It may also lead to arbitrary code execution.

The D-Link Firmware Version 1.04 (2014-04-21) has been found to be vulnerable. Other firmware versions may also be affected.

This firmware is used on the DCS-931L, DCS-930L, DCS-932L, and DCS-933L models.
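The weakness described above (CWE-434, with the client choosing the destination path) can be illustrated in generic terms. The following is an added example, not code from the D-Link firmware or from the CERT note: a Python upload handler that writes wherever the client asks, beside a hardened one that keeps only a file name, allowlists the file type, and checks that the resolved destination is still inside the upload directory before writing. The directory layout, the extension allowlist, and the function names are assumptions made for the demonstration.

```python
import tempfile
from pathlib import Path

# Constructed demo layout (assumption): a scratch tree stands in for the
# device file system, with the intended upload directory two levels down,
# so that a traversal out of it still lands inside the scratch tree.
DEMO_ROOT = Path(tempfile.mkdtemp(prefix="cwe434_demo_"))
UPLOAD_ROOT = DEMO_ROOT / "www" / "uploads"
UPLOAD_ROOT.mkdir(parents=True)

# Allowlisted extensions (assumption: the handler only ever expects images).
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png"}


def save_unrestricted(requested_path: str, data: bytes) -> Path:
    """CWE-434 pattern: the client-supplied path decides where the bytes land.
    Joining it onto UPLOAD_ROOT is no protection: '..' segments walk out of
    the directory, and an absolute path replaces UPLOAD_ROOT outright."""
    dest = UPLOAD_ROOT / requested_path
    dest.parent.mkdir(parents=True, exist_ok=True)
    dest.write_bytes(data)
    return dest


def is_within(root: Path, candidate: Path) -> bool:
    """True when the resolved candidate lies strictly inside the resolved root."""
    root = root.resolve()
    candidate = candidate.resolve()
    return root in candidate.parents


def save_confined(requested_name: str, data: bytes) -> Path:
    """Hardened handler: keep only a file name, allowlist its type, and verify
    the final resolved path is still inside UPLOAD_ROOT before writing."""
    name = Path(requested_name).name  # drops any directory part the client sent
    if not name or name in {".", ".."} or "\\" in name or "\x00" in name:
        raise ValueError(f"invalid file name: {requested_name!r}")
    # The "dangerous type" half of CWE-434: only expected extensions are accepted.
    if Path(name).suffix.lower() not in ALLOWED_EXTENSIONS:
        raise ValueError(f"file type not allowed: {name!r}")
    dest = UPLOAD_ROOT / name
    # Defence in depth: after the name check this always holds, but the
    # containment test is cheap and guards against future changes above.
    if not is_within(UPLOAD_ROOT, dest):
        raise ValueError("destination escapes upload root")
    dest.write_bytes(data)
    return dest.resolve()


if __name__ == "__main__":
    print("confined :", save_confined("../../../etc_passwd.jpg", b"\x89PNG"))
    print("unsafe   :", save_unrestricted("../../planted.txt", b"x").resolve())
    try:
        save_confined("shell.php", b"")
    except ValueError as err:
        print("rejected :", err)
```

The hardened version accepts the same request the unsafe one does, but the traversal segments are discarded, the write stays under the upload directory, and a file whose extension is not on the allowlist is refused before anything touches the file system.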

Impact

A remote authenticated attacker can upload arbitrary files to the device's file system. This could lead to data being created, modified, or deleted. It may also lead to arbitrary code execution.

Solution

Update the firmware

According to D-Link's security advisory, users should update the firmware of affected devices to the latest version.

Vendor Information

Vendor: D-Link Systems, Inc.
Status: Affected
Date notified: -
Date updated: 13 Mar 2015

CVSS Metrics

Group          Score  Vector
Base           9.0    AV:N/AC:L/Au:S/C:C/I:C/A:C
Temporal       8.1    E:POC/RL:U/RC:C
Environmental  6.1    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10049
  • http://support.dlink.com/ProductInfo.aspx?m=DCS-930L
  • http://support.dlink.com/ProductInfo.aspx?m=DCS-931L
  • http://support.dlink.com/ProductInfo.aspx?m=DCS-932L
  • http://support.dlink.com/ProductInfo.aspx?m=DCS-933L
  • http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2049

Credit

Thanks to Mike Baucom, Allen Harper, and J. Rach of Tangible Security for discovering and reporting this vulnerability. Tangible Security would also like to publicly thank D-Link for their cooperation and desire to make their products and customers more secure.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs: CVE-2015-2049
  • Date Public: 13 Mar 2015
  • Date First Published: 16 Mar 2015
  • Date Last Updated: 16 Mar 2015
  • Document Revision: 34

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/377348

CPE: Common Platform Enumeration

Type  Description  Count
OS                 1

Snort® IPS/IDS

Date        Description
2016-03-14  D-Link DCS-900 Series Network Camera arbitrary file upload attempt
            Rule ID: 37242 - Revision: 3 - Type: SERVER-WEBAPP

Alert History

Date                 Information
2015-03-17 00:24:09  Multiple updates
2015-03-16 21:25:09  First insertion