Vulnerability CVE-2019-10999


Published: 2019-05-06

Description:
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below).

Type:
CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Dlink -> Dcs-5009l firmware 
Dlink -> Dcs-5010l firmware 
Dlink -> Dcs-5020l firmware 
Dlink -> Dcs-5025l firmware 
Dlink -> Dcs-5030l firmware 
Dlink -> Dcs-930l firmware 
Dlink -> Dcs-931l firmware 
Dlink -> Dcs-932l firmware 
Dlink -> Dcs-933l firmware 
Dlink -> Dcs-934l firmware 

 References:
https://github.com/fuzzywalls/CVE-2019-10999
