Vulnerability Details CVE-2021-41504
An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.3%
CVSS Severity
CVSS v3 Score 8.0
CVSS v2 Score 5.2
References
Products affected by CVE-2021-41504
-
cpe:2.3:h:dlink:dcs-5000l:-
-
cpe:2.3:h:dlink:dcs-932l:-
-
cpe:2.3:o:dlink:dcs-5000l_firmware:1.05
-
cpe:2.3:o:dlink:dcs-932l_firmware:1.00
-
cpe:2.3:o:dlink:dcs-932l_firmware:1.02
-
cpe:2.3:o:dlink:dcs-932l_firmware:1.04
-
cpe:2.3:o:dlink:dcs-932l_firmware:1.05
-
cpe:2.3:o:dlink:dcs-932l_firmware:1.06
-
cpe:2.3:o:dlink:dcs-932l_firmware:1.08
-
cpe:2.3:o:dlink:dcs-932l_firmware:1.09
-
cpe:2.3:o:dlink:dcs-932l_firmware:1.13.04
-
cpe:2.3:o:dlink:dcs-932l_firmware:1.14
-
cpe:2.3:o:dlink:dcs-932l_firmware:1.27
-
cpe:2.3:o:dlink:dcs-932l_firmware:2.12
-
cpe:2.3:o:dlink:dcs-932l_firmware:2.13.15
-
cpe:2.3:o:dlink:dcs-932l_firmware:2.14
-
cpe:2.3:o:dlink:dcs-932l_firmware:2.16
-
cpe:2.3:o:dlink:dcs-932l_firmware:2.17