Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:MISC:DLINK-CAMERA-CMD-INJ |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Dlink IP Camera Video Stream Command Injection |
Release Date |
2014/03/14 |
Update Number |
2354 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Dlink IP Camera Video Stream Command Injection
This signature detects attempts to exploit a known vulnerability against D-Link IP Camera. A successful attack can lead to arbitrary code execution.
Extended Description
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.
Affected Products
- Dlink dcs-1100_firmware 1.03
- Dlink dcs-1100_firmware 1.04
- Dlink dcs-1100l_firmware 1.04
- Dlink dcs-1130_firmware 1.03
- Dlink dcs-1130_firmware 1.04
- Dlink dcs-1130l_firmware 1.04
- Dlink dcs-2102_firmware 1.05
- Dlink dcs-2121_firmware 1.05
- Dlink dcs-3410_firmware 1.02
- Dlink dcs-3411_firmware 1.02
- Dlink dcs-3430_firmware 1.02
- Dlink dcs-5230_firmware 1.02
- Dlink dcs-5230l_firmware 1.02
- Dlink dcs-5605_firmware 1.01
- Dlink dcs-5635_firmware 1.01
- Dlink dcs-6410_firmware 1.00
- Dlink dcs-7410_firmware 1.00
- Dlink dcs-7510_firmware 1.00
- Dlink wcs-1100_firmware 1.00
References
- BugTraq: 59564
- CVE: CVE-2013-1599