Overview
The D-Link DCS-93xL family of devices (specifically the DCS-930L, DCS-931L, DCS-932L, and DCS-933L models) allows an attacker to upload arbitrary files from the attacker's system.
Description
CWE-434: Unrestricted Upload of File with Dangerous Type
The D-Link DCS-93xL family of devices allows an attacker to upload arbitrary files from the attacker's system. The attacker may specify the file location to write on the device. This could lead to data being created, modified, or deleted. It may also lead to arbitrary code execution.
Impact
A remote authenticated attacker can upload arbitrary files to the device's file system. This could lead to data being created, modified, or deleted. It may also lead to arbitrary code execution.
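As an added illustration of the CWE-434 pattern the description refers to (this is example code, not code from the advisory or from D-Link's firmware): a handler that lets the client choose the write location beside a hardened handler that confines writes to a server-chosen directory and an extension allow-list. The upload root, the allowed extensions, and the sample file names are assumed values constructed for the example.

```python
import os
import posixpath

# Assumed values for the example; not taken from any real device.
UPLOAD_ROOT = "/var/uploads"
ALLOWED_EXTENSIONS = {".jpg", ".png"}


def vulnerable_target_path(upload_root: str, client_path: str) -> str:
    """The CWE-434 pattern: the client-supplied name decides where the file
    is written. os.path.join() discards upload_root entirely when client_path
    is absolute, and '..' segments walk out of the upload directory."""
    return os.path.normpath(os.path.join(upload_root, client_path))


def safe_target_path(upload_root: str, client_name: str) -> str:
    """Hardened version: the client may choose only a bare file name, the
    server chooses the directory, and the resolved path is verified to stay
    inside that directory before anything is written."""
    # 1. Reject anything that is not a bare file name (no '/', '\\', '..').
    base = posixpath.basename(client_name.replace("\\", "/"))
    if base != client_name or base in ("", ".", ".."):
        raise ValueError("file name must be a bare name without path components")

    # 2. Allow-list the extension; deny-lists of "dangerous" types are easy to miss.
    ext = posixpath.splitext(base)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} is not permitted")

    # 3. Build the path from the server-controlled root and re-check containment
    #    (defence in depth; step 1 already guarantees it).
    root = os.path.abspath(upload_root)
    target = os.path.abspath(os.path.join(root, base))
    if os.path.commonpath([root, target]) != root:
        raise ValueError("resolved path escapes the upload root")
    return target


def is_accepted(client_name: str, upload_root: str = UPLOAD_ROOT) -> bool:
    """True if the hardened handler would accept this client-supplied name."""
    try:
        safe_target_path(upload_root, client_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample names a client might submit.
    for name in ["photo.jpg", "../../etc/passwd", "/etc/passwd", "shell.cgi"]:
        print(f"{name!r:24} vulnerable -> {vulnerable_target_path(UPLOAD_ROOT, name)}")
        print(f"{'':24} hardened   -> {'accepted' if is_accepted(name) else 'rejected'}")
```

The vulnerable function shows why "the attacker may specify the file location" is the whole problem: with an absolute or traversing name the upload root contributes nothing to the final path. The hardened function never derives a directory from client input, and the final containment check catches any future change to step 1 that would reintroduce the flaw.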
Solution
Update the firmware
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 9 | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Temporal | 8.1 | E:POC/RL:U/RC:C |
Environmental | 6.1 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10049
- http://support.dlink.com/ProductInfo.aspx?m=DCS-930L
- http://support.dlink.com/ProductInfo.aspx?m=DCS-931L
- http://support.dlink.com/ProductInfo.aspx?m=DCS-932L
- http://support.dlink.com/ProductInfo.aspx?m=DCS-933L
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2049
Acknowledgements
Thanks to Mike Baucom, Allen Harper, and J. Rach of Tangible Security for discovering and reporting this vulnerability. Tangible Security would also like to publicly thank D-Link for their cooperation and desire to make their products and customers more secure.
This document was written by Garret Wassermann.
Other Information
CVE IDs: CVE-2015-2049
Date Public: 2015-03-13
Date First Published: 2015-03-16
Date Last Updated: 2015-03-16 21:34 UTC
Document Revision: 35