CVE-2019-10999 - Vulnerability Details

The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dcs-5009l Dcs-5009l Firmware Dcs-5010l Dcs-5010l Firmware Dcs-5020l Dcs-5020l Firmware Dcs-5025l Dcs-5025l Firmware Dcs-5030l Dcs-5030l Firmware Dcs-930l Dcs-930l Firmware Dcs-931l Dcs-931l Firmware Dcs-932l Dcs-932l Firmware Dcs-933l Dcs-933l Firmware Dcs-934l Dcs-934l Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dlink:dcs-933l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-933l:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dlink:dcs-934l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-934l:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dlink:dcs-5009l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-5009l:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dlink:dcs-5010l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-5010l:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dlink:dcs-5025l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-5025l:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dlink:dcs-5030l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-5030l:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/fuzzywalls/CVE-2019-10999
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-06T19:30:57

Updated: 2024-08-04T22:40:15.983Z

Reserved: 2019-04-08T00:00:00

Link: CVE-2019-10999

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-06T20:29:01.210

Modified: 2024-11-21T04:20:19.520

Link: CVE-2019-10999

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object