search menu icon-carat-right cmu-wordmark

CERT Coordination Center

D-Link DCS-93xL model family allows unrestricted upload

Vulnerability Note VU#377348

Original Release Date: 2015-03-16 | Last Revised: 2015-03-16

Overview

The D-Link DCS-93xL family of devices (specifically the DCS-930L, DCS-931L, DCS-932L, and DCS-933L models) allows an attacker to upload arbitrary files from the attackers system.

Description

CWE-434: Unrestricted Upload of File with Dangerous Type

The D-Link DCS-93xL family of devices allows an attacker to upload arbitrary files from the attackers system. The attacker may specify the file location to write on the device. This could lead to data being created, modified, or deleted. It may also lead to arbitrary code execution.

The D-Link Firmware Version 1.04 (2014-04-21) has been found to be vulnerable. Other firmware versions may also be affected.

This firmware is used on the DCS-931L, DCS-930L, DCS-932L, and DCS-933L models.

Impact

A remote authenticated attacker can upload arbitrary files to the device's file system. This could lead to data being created, modified, or deleted. It may also lead to arbitrary code execution.

Solution

Update the firmware

According to D-Link's security advisory, users should update the firmware for affected device to the latest version.

Vendor Information

377348
 
Affected   Unknown   Unaffected

D-Link Systems, Inc.

Updated:  March 13, 2015

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References


CVSS Metrics

Group Score Vector
Base 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C
Temporal 8.1 E:POC/RL:U/RC:C
Environmental 6.1 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Mike Baucom, Allen Harper, and J. Rach of Tangible Security for discovering and reporting this vulnerability. Tangible Security would also like to publically thank D-Link for their cooperation and desire to make their products and customers more secure.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2015-2049
Date Public: 2015-03-13
Date First Published: 2015-03-16
Date Last Updated: 2015-03-16 21:34 UTC
Document Revision: 34

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.