Re: D-Link DCS-2121 Semicolon Vulnerability

[Josh Bressers <bressers () redhat com>]

I'm going to leave this one to MITRE. I want to stick with the current list policy of only assigning IDs to open source 
projects.

Thanks.

-- 
    JB

----- Original Message -----
> Hello,
>
> I've come up with this [0] blog post which, accordingly to author,
> describes a 0day vulnerability within D-Link DCS-2121 camera.
>
> In summary, the data posted from the web configuration interface to
> samba is
> directly used as a parameter without proper sanitization. This leads
> to
> an unwanted system call.
>
> Although the author says that the vulnerability can only be used by
> authenticated users via web interface, it would be dangerous together
> with CSRF on authenticated user. I think that it's worth looking, or,
> at
> least let the vendor know.
>
> """
> Disclaimer (for not-so-funny people): yes this is "0day", unreported
> to
> the vendor. I even suspect the whole D-Link product line is vulnerable
> to the same bug (if not the whole world of low-end embedded systems
> (and
> even business class products)). However, since Web access requires
> authentication, this bug might be exploitable by administrators only,
> so
> it is only useful for people who would like to gain a shell on their
> own
> systems. Do not panic :)
> """
>
> [0]
> http://newsoft-tech.blogspot.com/2010/09/d-link-dcs-2121-and-state-of-embedded.html
>
> Regards,
>
> --
> . 73! DE TA1AET