• Internet Security

    CVE-2021-41503 and CVE-2021-41504 – D-Link DCS-5000L and DCS-932L

    Intro

    This article covers the two CVEs we found during our thesis work earlier this year. The devices concerned are two D-Link IP cameras. The table below lists the manufacturers and models with their respective software and hardware versions.

    Manufacturer  Model      Software Version  Hardware Version
    D-Link        DCS-5000L  1.05              A
    D-Link        DCS-932L   2.17              B

    Table 1 – Software and Hardware Versions

    The setup

    Our testing setup was pretty simple. In this scenario we connected the two cameras, a client running macOS, and an evil client running Linux to a router. For an exact setup see Figure 1.

    Affected

    http://CAMERA_IP:80 (CVE-2021-41504)
    http://CAMERA_IP/video.cgi (CVE-2021-41503)

    Reproducibility

    This section contains the steps necessary…