Azad Mustafa

**Name of the Vulnerable Software and Affected Versions** DCS-5000L version 1.05 and earlier DCS-932L version 2.17 and earlier **Description** The issue is related to incorrect access control, allowing malicious users on the LAN to access the device due to the use of basic authentication for the devices' command interface. This may compromise the camera's configuration. The vulnerability only affects products that are no longer supported by the maintainer. **Recommendations** For DCS-5000L version 1.05 and earlier, consider disabling the basic authentication for the devices' command interface until a patch is available. For DCS-932L version 2.17 and earlier, restrict access to the command interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DCS-5000L version 1.05 and older D-Link DCS-932L version 2.17 and older **Description** An Elevated Privileges issue exists due to the use of digest-authentication for the devices command interface, potentially allowing malicious users on the LAN to access the device and compromise its configuration. This issue only affects products that are no longer supported by the maintainer. **Recommendations** For D-Link DCS-5000L version 1.05 and older, consider disabling the digest-authentication for the devices command interface as a temporary workaround to minimize the risk of exploitation. For D-Link DCS-932L version 2.17 and older, restrict access to the devices command interface until a solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.