This host has D-link IP Camera and is prone to multiple vulnerabilities.

Successful exploitation will allow remote attackers to disclose the software's installation path resulting in a loss of confidentiality and gain access to arbitrary files. Impact Level: Application

No solution or patch is available as of 20th February, 2015. Information regarding this issue will updated once the solution details are available. For updates refer to http://www.dlink.com

Flaws are due to, - The /cgi-bin/sddownload.cgi script not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') supplied via the 'file' parameter. - An input passed via the /cgi-bin/sddownload.cgi script to the 'file' parameter is not properly sanitized.

D-link IP camera DCS-2103 with firmware 1.0.0

Send a crafted HTTP GET request and check whether it is able to download the system files.

• http://packetstormsecurity.com/files/129138
• http://seclists.org/fulldisclosure/2014/Nov/42
• http://www.osvdb.org/114777
• http://www.osvdb.org/114778

---

Updated on 2015-03-25