Associated Vulnerability
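Title: Security vulnerability in multiple D-Link products (CVE-2018-18441)
Description: D-Link DCS-936L and others are wireless network camera products in the DCS series from D-Link. A security vulnerability exists in multiple D-Link products running firmware version 1.00 and later. A remote attacker can exploit this vulnerability via the <Camera-IP>/common/info.cgi file to access the configuration file and obtain information such as the model, product, brand, version, hardware version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, and speaker and sensor settings. The following products are affected: D-Link DCS-936L; DCS-942L; DCS-8000LH; DCS-942LB1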
Description
D-Link DCS series Wi-Fi cameras expose sensitive information.
Readme
# CVE-2018-18441-exploit
<pre>
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration.
The affected devices include many of the DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH,
DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more.
Many firmware versions are affected, from 1.00 onward.
The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication.
The configuration file includes the following fields:
model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address,
gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
</pre>
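A defender-side check for the exposure described above, as an added example that is not code from this repository: it scans access logs from a reverse proxy or gateway in front of the cameras for requests to `/common/info.cgi` that carried no authenticated user. The combined log format, the `trusted_nets` default, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Assumption: a reverse proxy or gateway in front of the cameras writes
# combined-format access logs. The path is the one named in the README.
EXPOSED_PATH = "/common/info.cgi"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Canonicalise a request target so encoded or padded variants still match."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/{2,}", "/", path)).lower()

def find_info_cgi_requests(lines, trusted_nets=("192.168.0.0/16",)):
    """Return one finding per info.cgi request that carried no authenticated user."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["user"] != "-" or normalise(m["target"]) != EXPOSED_PATH:
            continue
        try:
            external = not any(ipaddress.ip_address(m["src"]) in n for n in nets)
        except ValueError:
            external = True  # hostname in the source field: treat as untrusted
        findings.append({
            "src": m["src"],
            "external": external,
            # 200 means the configuration was returned to the caller
            "outcome": "disclosed" if m["status"] == "200" else "probed",
        })
    return findings

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.45 - - [12/Mar/2024:03:14:07 +0000] "GET /common/info.cgi HTTP/1.1" 200 1184 "-" "-"',
    '198.51.100.9 - - [12/Mar/2024:03:15:40 +0000] "GET /common//%69nfo.cgi?a=1 HTTP/1.1" 401 0 "-" "-"',
    '192.168.1.20 - - [12/Mar/2024:08:00:01 +0000] "GET /common/info.cgi HTTP/1.1" 200 1184 "-" "-"',
    '192.168.1.20 - admin [12/Mar/2024:08:01:00 +0000] "GET /common/info.cgi HTTP/1.1" 200 1184 "-" "-"',
]

if __name__ == "__main__":
    print(*find_info_cgi_requests(SAMPLE_LOG), sep="\n")
```

A `disclosed` finding from an `external` source is the case to triage first, since the device configuration left the network without credentials.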
## Screenshot:
<img alt="Screenshot of the script" src="img/Capture.JPG">
### Caution ⚠:
<pre>
Use it for testing purposes only, not to harm anyone.
Use it at your own risk; I am not responsible if you use it to harm anyone.
</pre>
File Snapshot
[4.0K] /data/pocs/780bd471428f0ffbf8fcb5a9d5b7f263473370fc
├── [3.3K] cve-2018-18441.php
├── [4.0K] img
│ └── [ 78K] Capture.JPG
├── [1.0K] LICENSE
└── [1019] README.md
2 directories, 4 files