
CVE-2019-10999

 

  • Severity Score (CVSS v3): 8.8
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 3
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below).


*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2019-04-08 CVE Reserved
  • 2019-05-06 CVE Published
  • 2022-03-09 First Exploit
  • 2023-03-07 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions

| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Dlink | Dcs-930l Firmware | <= 2.16.01 | - | Affected |
| in Dlink | Dcs-930l | - | - | Safe |
| Dlink | Dcs-931l Firmware | <= 1.14.11 | - | Affected |
| in Dlink | Dcs-931l | - | - | Safe |
| Dlink | Dcs-932l Firmware | <= 2.17.01 | - | Affected |
| in Dlink | Dcs-932l | - | - | Safe |
| Dlink | Dcs-933l Firmware | <= 1.14.11 | - | Affected |
| in Dlink | Dcs-933l | - | - | Safe |
| Dlink | Dcs-934l Firmware | <= 1.05.04 | - | Affected |
| in Dlink | Dcs-934l | - | - | Safe |
| Dlink | Dcs-5009l Firmware | <= 1.08.11 | - | Affected |
| in Dlink | Dcs-5009l | - | - | Safe |
| Dlink | Dcs-5010l Firmware | <= 1.14.09 | - | Affected |
| in Dlink | Dcs-5010l | - | - | Safe |
| Dlink | Dcs-5020l Firmware | <= 1.15.12 | - | Affected |
| in Dlink | Dcs-5020l | - | - | Safe |
| Dlink | Dcs-5025l Firmware | <= 1.03.07 | - | Affected |
| in Dlink | Dcs-5025l | - | - | Safe |
| Dlink | Dcs-5030l Firmware | <= 1.04.10 | - | Affected |
| in Dlink | Dcs-5030l | - | - | Safe |