CVE-2019-10999
Summary
| CVE | CVE-2019-10999 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-05-06 20:29:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below). |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Dlink | Dcs-5009l | - | All | All | All |
| Hardware | Dlink | Dcs-5009l | - | All | All | All |
| Operating System | Dlink | Dcs-5009l Firmware | All | All | All | All |
| Hardware | Dlink | Dcs-5010l | - | All | All | All |
| Hardware | Dlink | Dcs-5010l | - | All | All | All |
| Operating System | Dlink | Dcs-5010l Firmware | All | All | All | All |
| Hardware | Dlink | Dcs-5020l | - | All | All | All |
| Hardware | Dlink | Dcs-5020l | - | All | All | All |
| Operating System | Dlink | Dcs-5020l Firmware | All | All | All | All |
| Hardware | Dlink | Dcs-5025l | - | All | All | All |
| Hardware | Dlink | Dcs-5025l | - | All | All | All |
| Operating System | Dlink | Dcs-5025l Firmware | All | All | All | All |
| Hardware | Dlink | Dcs-5030l | - | All | All | All |
| Hardware | Dlink | Dcs-5030l | - | All | All | All |
| Operating System | Dlink | Dcs-5030l Firmware | All | All | All | All |
| Hardware | Dlink | Dcs-930l | - | All | All | All |
| Hardware | Dlink | Dcs-930l | - | All | All | All |
| Operating System | Dlink | Dcs-930l Firmware | All | All | All | All |
| Hardware | Dlink | Dcs-931l | - | All | All | All |
| Hardware | Dlink | Dcs-931l | - | All | All | All |
| Operating System | Dlink | Dcs-931l Firmware | All | All | All | All |
| Hardware | Dlink | Dcs-932l | - | All | All | All |
| Hardware | Dlink | Dcs-932l | - | All | All | All |
| Operating System | Dlink | Dcs-932l Firmware | All | All | All | All |
| Hardware | Dlink | Dcs-933l | - | All | All | All |
| Hardware | Dlink | Dcs-933l | - | All | All | All |
| Operating System | Dlink | Dcs-933l Firmware | All | All | All | All |
| Hardware | Dlink | Dcs-934l | - | All | All | All |
| Hardware | Dlink | Dcs-934l | - | All | All | All |
| Operating System | Dlink | Dcs-934l Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| D-Link Technical Support | CONFIRM | supportannouncement.us.dlink.com | |
| GitHub - tacnetsol/CVE-2019-10999: Full exploit for D-Link DCS-5020L, POC crash for others that are vulnerable as well. | MISC | github.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.