CVE-2021-41503
HIGHD-Link DCS-932L Firmware < 2.17 and DCS-5000L Firmware 1.05 - Improper Access Control via Basic Authentication
Title source: llmDescription
DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.dlink.com/en/security-bulletin/
Vendor Advisory x_refsource_misc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247
Scores
CVSS v3
8.0
EPSS
0.0043
EPSS Percentile
62.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-287
Status
published
Products (2)
d-link/dcs-5000l_firmware
1.05
dlink/dcs-932l_firmware
< 2.17
Published
Sep 24, 2021
Tracked Since
Feb 18, 2026