An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials.
References
Link | Resource |
---|---|
https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-12-20T22:00:00
Updated: 2018-12-20T21:57:01
Reserved: 2018-10-28T00:00:00
Link: CVE-2018-18767
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-12-20T23:29:00.863
Modified: 2023-04-26T19:36:57.870
Link: CVE-2018-18767
JSON object: View
Redhat Information
No data.
CWE