关联漏洞
标题:
多款D-Link产品安全漏洞
(CVE-2018-18441)
描述:D-Link DCS-936L等都是友讯(D-Link)公司的DCS系列的无线网络摄像头产品。 使用1.00及之后版本固件的多款D-Link产品中存在安全漏洞。远程攻击者可借助<Camera-IP>/common/info.cgi文件利用该漏洞访问配置文件,获取型号,产品,品牌,版本,硬件版本,设备名称,位置,MAC地址,IP地址,网关IP地址,无线状态,输入/输出设置,扬声器和传感器设置信息等。以下产品受到影响:D-Link DCS-936L;DCS-942L;DCS-8000LH;DCS-942LB1
描述
D-Link DCS series Wi-Fi camera expose sensitive information.
介绍
# CVE-2018-18441-exploit
<pre>
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration.
The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH,
DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more.
There are many affected firmware versions starting from 1.00 and above.
The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication.
The configuration file include the following fields:
model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address,
gateway IP address, wireless status,input/outputsettings, speaker, and sensor settings.
</pre>
## Screenshot:
<img alt="Screenshot of the script" src="img/Capture.JPG">
### Caution ⚠:
<pre>
Use it for testing purpose only, not for harm anyone.
Use it at yyour own risk, I am not responsible if you use it for harm anyone.
文件快照
[4.0K] /data/pocs/780bd471428f0ffbf8fcb5a9d5b7f263473370fc
├── [3.3K] cve-2018-18441.php
├── [4.0K] img
│ └── [ 78K] Capture.JPG
├── [1.0K] LICENSE
└── [1019] README.md
1 directory, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。