Name of the Vulnerable Software and Affected Versions:

D-Link DCS series Wi-Fi cameras versions 1.00 and above

Description:

The issue is related to insufficient protection of registration data in the common/info.cgi component of D-Link DCS series Wi-Fi cameras' firmware. This can allow a remote attacker to disclose sensitive information. The configuration file can be accessed remotely through the "/common/info.cgi" endpoint with no authentication, exposing fields such as model, product, brand, version, build, hw version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.

Recommendations:

For D-Link DCS series Wi-Fi cameras versions 1.00 and above, consider restricting access to the "/common/info.cgi" endpoint until a patch is available. As a temporary workaround, limit remote access to the camera's configuration file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.