CVE-2019-10999
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below).
Las series DCS de D-Link de cámaras Wi-Fi contienen una vulnerabilidad de desbordamiento de búfer basado en pila en alphapd, el servidor web de la cámara. El desbordamiento permite a un atacante autenticado de forma remota ejecutar código arbitrario proporcionando una cadena larga en el parámetro WEPEncryption cuando solicita wireless.htm. Los dispositivos vulnerables incluyen DCS-5009L (1.08.11 y anteriores), DCS-5010L (1.14.09 y anteriores), DCS-5020L (1.15.12 y anteriores), DCS-5025L (1.03.07 y anteriores), DCS-5030L (1.04).10 y anteriores), DCS-930L (2.16.01 y anteriores), DCS-931L (1.14.11 y anteriores), DCS-932L (2.17.01y anteriores), DCS-933L (1.14.11 y anteriores) y DCS-934L (1.05.04 y anteriores).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-04-08 CVE Reserved
- 2019-05-06 CVE Published
- 2022-03-09 First Exploit
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://github.com/tacnetsol/CVE-2019-10999 | 2022-05-03 | |
https://github.com/qjh2333/CVE-2019-10999 | 2022-03-09 | |
https://github.com/fuzzywalls/CVE-2019-10999 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Dlink Search vendor "Dlink" | Dcs-930l Firmware Search vendor "Dlink" for product "Dcs-930l Firmware" | <= 2.16.01 Search vendor "Dlink" for product "Dcs-930l Firmware" and version " <= 2.16.01" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-930l Search vendor "Dlink" for product "Dcs-930l" | - | - |
Safe
|
Dlink Search vendor "Dlink" | Dcs-931l Firmware Search vendor "Dlink" for product "Dcs-931l Firmware" | <= 1.14.11 Search vendor "Dlink" for product "Dcs-931l Firmware" and version " <= 1.14.11" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-931l Search vendor "Dlink" for product "Dcs-931l" | - | - |
Safe
|
Dlink Search vendor "Dlink" | Dcs-932l Firmware Search vendor "Dlink" for product "Dcs-932l Firmware" | <= 2.17.01 Search vendor "Dlink" for product "Dcs-932l Firmware" and version " <= 2.17.01" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-932l Search vendor "Dlink" for product "Dcs-932l" | - | - |
Safe
|
Dlink Search vendor "Dlink" | Dcs-933l Firmware Search vendor "Dlink" for product "Dcs-933l Firmware" | <= 1.14.11 Search vendor "Dlink" for product "Dcs-933l Firmware" and version " <= 1.14.11" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-933l Search vendor "Dlink" for product "Dcs-933l" | - | - |
Safe
|
Dlink Search vendor "Dlink" | Dcs-934l Firmware Search vendor "Dlink" for product "Dcs-934l Firmware" | <= 1.05.04 Search vendor "Dlink" for product "Dcs-934l Firmware" and version " <= 1.05.04" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-934l Search vendor "Dlink" for product "Dcs-934l" | - | - |
Safe
|
Dlink Search vendor "Dlink" | Dcs-5009l Firmware Search vendor "Dlink" for product "Dcs-5009l Firmware" | <= 1.08.11 Search vendor "Dlink" for product "Dcs-5009l Firmware" and version " <= 1.08.11" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-5009l Search vendor "Dlink" for product "Dcs-5009l" | - | - |
Safe
|
Dlink Search vendor "Dlink" | Dcs-5010l Firmware Search vendor "Dlink" for product "Dcs-5010l Firmware" | <= 1.14.09 Search vendor "Dlink" for product "Dcs-5010l Firmware" and version " <= 1.14.09" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-5010l Search vendor "Dlink" for product "Dcs-5010l" | - | - |
Safe
|
Dlink Search vendor "Dlink" | Dcs-5020l Firmware Search vendor "Dlink" for product "Dcs-5020l Firmware" | <= 1.15.12 Search vendor "Dlink" for product "Dcs-5020l Firmware" and version " <= 1.15.12" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-5020l Search vendor "Dlink" for product "Dcs-5020l" | - | - |
Safe
|
Dlink Search vendor "Dlink" | Dcs-5025l Firmware Search vendor "Dlink" for product "Dcs-5025l Firmware" | <= 1.03.07 Search vendor "Dlink" for product "Dcs-5025l Firmware" and version " <= 1.03.07" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-5025l Search vendor "Dlink" for product "Dcs-5025l" | - | - |
Safe
|
Dlink Search vendor "Dlink" | Dcs-5030l Firmware Search vendor "Dlink" for product "Dcs-5030l Firmware" | <= 1.04.10 Search vendor "Dlink" for product "Dcs-5030l Firmware" and version " <= 1.04.10" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-5030l Search vendor "Dlink" for product "Dcs-5030l" | - | - |
Safe
|