CVE-2018-18767

HIGH Year: 2018
CVSS v3 Score
7.0
High
CVSS v2 Score
1.9
Low
Weakness Type
CWE-326
View all →

Vulnerability Description

An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials.

Related Vulnerabilities

CVE-2024-1224

HIGH
CVSS:7.1(High)

This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. A local attacker with administrative privileges could exploit this ...

CWE-3262024

CVE-2017-5535

MEDIUM
CVSS:6.8(Medium)

The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encry...

CWE-3262017

CVE-2020-27208

MEDIUM
CVSS:6.8(Medium)

The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade t...

CWE-3262020

CVE-2023-27389

HIGH
CVSS:7.2(High)

Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file...

CWE-3262023

CVE-2023-36748

MEDIUM
CVSS:6.8(Medium)

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX15...

CWE-3262023