CVE-2017-8413

Name of the Vulnerable Software and Affected Versions D-Link DCS-1100 (affected versions not specified) D-Link DCS-1130 (affected versions not specified)

Description An issue was discovered in D-Link devices, where a custom daemon runs on UDP port 5978, handling a custom D-Link UDP-based protocol. This protocol allows D-Link mobile and desktop applications to discover devices on the local network. The daemon processes received UDP packets, and if a packet is received with a specific type, the string passed in the C parameter is base64 decoded and executed by passing into a System API. This allows a third-party application on the device to execute commands without authentication by sending a single UDP packet with custom base64 encoding.

Recommendations For D-Link DCS-1100, restrict access to the custom daemon on UDP port 5978 to minimize the risk of exploitation. For D-Link DCS-1130, consider disabling the dldps2121 daemon until a patch is available. Avoid using the C parameter in the custom protocol to prevent command execution. As a temporary workaround, consider blocking UDP packets sent to port 5978 from untrusted sources.