本文介绍了D-Link DCS-2200监控摄像机的一个信息泄露漏洞,攻击者通过访问特定URL能获取到账号密码,从而影响设备安全性。漏洞复现部分提供了一个fofa搜索语句,显示了如何利用该漏洞进入后台并查看实时图像。
漏洞简介
D-Link DCS-2200是一款监控摄像机,成像色彩为彩色 是一款网络摄像机,
根据VULDB 所看到的信息原文如下
A vulnerability, which was classified as problematic, was found in D-Link DCS-2530L and DCS-2670L (the affected version unknown). This affects some unknown processing of the file /config/getuser. The manipulation with an unknown input leads to a information disclosure vulnerability (Password). CWE is classifying the issue as CWE-200. This is going to have an impact on confidentiality. The summary by CVE is:
通过原文大概意思可以总结为:
D-Link DCS系列 通过访问特定的URL可以得到账号密码信息,攻击方可以
直接进入利用漏洞得到账户密码直接进入后台
漏洞复现
fofa语句
app=“D_Link-DCS-2530L”
最低0.47元/天 解锁文章
扫一扫
344
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
