CVE-2017-11563

D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
dlinkeyeon_baby_monitor_firmware
1.08.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2018/Aug/18
https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf
http://seclists.org/fulldisclosure/2018/Aug/18
https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf