Information disclosure in Dlink Dcs-932l

CVE-2012-4046

The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.

Vulnerability class: Information Disclosure

EPSS: 0.001 (16.8th percentile) — read the EPSS interpretation.

Affected products

Dlink Dcs-932l
Dlink Dcs-932l_firmware — versions 1.02
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_MISC)
20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046) (mailing-list, x_refsource_BUGTRAQ)