First published: Mon May 06 2019
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dcs-930l Firmware | <=2.16.01 | |
Dlink Dcs-930l | | |
Dlink Dcs-931l Firmware | <=1.14.11 | |
Dlink Dcs-931l | | |
Dlink Dcs-932l Firmware | <=2.17.01 | |
Dlink Dcs-932l | | |
Dlink Dcs-933l Firmware | <=1.14.11 | |
Dlink Dcs-933l | | |
Dlink Dcs-934l Firmware | <=1.05.04 | |
Dlink Dcs-934l | | |
Dlink Dcs-5009l Firmware | <=1.08.11 | |
Dlink Dcs-5009l | | |
Dlink Dcs-5010l Firmware | <=1.14.09 | |
Dlink Dcs-5010l | | |
Dlink Dcs-5020l Firmware | <=1.15.12 | |
Dlink Dcs-5020l | | |
Dlink Dcs-5025l Firmware | <=1.03.07 | |
Dlink Dcs-5025l | | |
Dlink Dcs-5030l Firmware | <=1.04.10 | |
Dlink Dcs-5030l | | |
CVE-2019-10999 is a vulnerability found in the D-Link DCS series of Wi-Fi cameras that allows a remotely authenticated attacker to execute arbitrary code.
CVE-2019-10999 has a severity score of 8.8, which is considered high.
The D-Link DCS-930L, DCS-931L, DCS-932L, DCS-933L, DCS-934L, DCS-5009L, DCS-5010L, DCS-5020L, DCS-5025L, and DCS-5030L cameras are affected by CVE-2019-10999.
To fix CVE-2019-10999, it is recommended to update to the latest firmware version provided by D-Link and follow any necessary instructions.
You can find more information about CVE-2019-10999 on the GitHub page (https://github.com/fuzzywalls/CVE-2019-10999) and the D-Link support announcement (https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131).
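A defensive check for the request described in the advisory, as an added example that is not part of the original page: it scans web access logs (for instance from a reverse proxy in front of the cameras) for requests to wireless.htm carrying an overlong WEPEncryption value. The combined log format, the 64-byte threshold, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the advisory only says "a long string"; 64 decoded bytes is a
# constructed threshold, tune it against benign traffic on your network.
MAX_PARAM_LEN = 64

# Common/combined log format: client ... "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3})'
)

def suspicious_requests(lines, max_len=MAX_PARAM_LEN):
    """Return (client, decoded_length, status) for each request to
    wireless.htm whose WEPEncryption value is longer than max_len bytes."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m["target"])
        if url.path.rsplit("/", 1)[-1].lower() != "wireless.htm":
            continue
        # latin-1 maps every percent-decoded byte to exactly one character,
        # so len() counts bytes even when the value is not valid UTF-8.
        pairs = parse_qsl(url.query, keep_blank_values=True, encoding="latin-1")
        for name, value in pairs:
            if name.lower() == "wepencryption" and len(value) > max_len:
                hits.append((m["client"], len(value), int(m["status"])))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
_PREFIX = ' - admin [06/May/2019:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    "192.0.2.10" + _PREFIX + '/wireless.htm?WEPEncryption=1 HTTP/1.1" 200 5120',
    "198.51.100.7" + _PREFIX + "/wireless.htm?WEPEncryption=" + "A" * 300
    + ' HTTP/1.1" 502 0',
    "203.0.113.5" + _PREFIX + "/wireless.htm?WEPEncryption=" + "%41" * 100
    + ' HTTP/1.1" 200 5120',
    "192.0.2.10" + _PREFIX + '/index.htm?other=' + "A" * 300 + ' HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, length, status in suspicious_requests(SAMPLE_LOG):
        print(f"{client}: WEPEncryption length {length}, status {status}")
```

Because the advisory describes an authenticated attack, a hit is also a reason to review and rotate the camera's credentials, not only to check the firmware version.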