CVE-2018-7698

HIGH Year: 2018
CVSS v3 Score
8.1
High
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing attackers to obtain these credentials and gain control of the camera including the ability to view the camera's stream and make changes without the user's knowledge.

Related Vulnerabilities

CVE-2017-1337

HIGH
CVSS:8.1(High)

IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.

CWE-5222017

CVE-2017-14418

HIGH
CVSS:8.1(High)

The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction w...

CWE-5222017

CVE-2017-14711

HIGH
CVSS:8.1(High)

The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and passwo...

CWE-5222017

CVE-2017-17691

HIGH
CVSS:8.1(High)

Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive...

CWE-5222017

CVE-2017-6528

HIGH
CVSS:8.1(High)

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).

CWE-5222017

CVE-2018-11639

HIGH
CVSS:8.1(High)

Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to...

CWE-5222018