ID

VAR-201905-1066


CVE

CVE-2019-10999


TITLE

Buffer error vulnerability in multiple D-Link DCS series Wi-Fi camera products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004361

DESCRIPTION

The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below). Multiple D-Link DCS series Wi-Fi camera products contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DCS-5009L and the other listed models are all DCS series IP cameras produced by Taiwan D-Link Company. Alphapd in several D-Link products has a stack-based buffer overflow vulnerability. This vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: D-Link DCS-5009L 1.08.11 and earlier; DCS-5010L 1.14.09 and earlier; DCS-5020L 1.15.12 and earlier; DCS-5025L 1.03.07 and earlier; DCS-5030L 1.04.10 and earlier; DCS-930L 2.16.01 and earlier; DCS-931L 1.14.11 and earlier; DCS-932L 2.17.01 and earlier; DCS-933L 1.14.11 and earlier; DCS-934L 1.05.04 and earlier.

Trust: 1.8

sources: NVD: CVE-2019-10999 // JVNDB: JVNDB-2019-004361 // VULHUB: VHN-142601 // VULMON: CVE-2019-10999

IOT TAXONOMY

category: ['camera device'], sub_category: camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: dlink, model: dcs-934l, scope: lte, version: 1.05.04

Trust: 1.0

vendor: dlink, model: dcs-5030l, scope: lte, version: 1.04.10

Trust: 1.0

vendor: dlink, model: dcs-5009l, scope: lte, version: 1.08.11

Trust: 1.0

vendor: dlink, model: dcs-932l, scope: lte, version: 2.17.01

Trust: 1.0

vendor: dlink, model: dcs-931l, scope: lte, version: 1.14.11

Trust: 1.0

vendor: dlink, model: dcs-933l, scope: lte, version: 1.14.11

Trust: 1.0

vendor: dlink, model: dcs-5025l, scope: lte, version: 1.03.07

Trust: 1.0

vendor: dlink, model: dcs-930l, scope: lte, version: 2.16.01

Trust: 1.0

vendor: dlink, model: dcs-5010l, scope: lte, version: 1.14.09

Trust: 1.0

vendor: dlink, model: dcs-5020l, scope: lte, version: 1.15.12

Trust: 1.0

vendor: d link, model: dcs-5009l, scope: lte, version: 1.08.11

Trust: 0.8

vendor: d link, model: dcs-5010l, scope: lte, version: 1.14.09

Trust: 0.8

vendor: d link, model: dcs-5020l, scope: lte, version: 1.15.12

Trust: 0.8

vendor: d link, model: dcs-5025l, scope: lte, version: 1.03.07

Trust: 0.8

vendor: d link, model: dcs-5030l, scope: lte, version: 1.04.10

Trust: 0.8

vendor: d link, model: dcs-930l, scope: lte, version: 2.16.01

Trust: 0.8

vendor: d link, model: dcs-931l, scope: lte, version: 1.14.11

Trust: 0.8

vendor: d link, model: dcs-932l, scope: lte, version: 2.17.01

Trust: 0.8

vendor: d link, model: dcs-933l, scope: lte, version: 1.14.11

Trust: 0.8

vendor: d link, model: dcs-934l, scope: lte, version: 1.05.04

Trust: 0.8

sources: JVNDB: JVNDB-2019-004361 // NVD: CVE-2019-10999

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10999
value: HIGH

Trust: 1.0

NVD: CVE-2019-10999
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-138
value: HIGH

Trust: 0.6

VULHUB: VHN-142601
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-10999
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10999
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-142601
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10999
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-142601 // VULMON: CVE-2019-10999 // JVNDB: JVNDB-2019-004361 // CNNVD: CNNVD-201905-138 // NVD: CVE-2019-10999

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-142601 // JVNDB: JVNDB-2019-004361 // NVD: CVE-2019-10999

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-138

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-138

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004361

PATCH

title: Top Page, url: https://www.dlink.com/en/consumer

Trust: 0.8

title: CVE-2019-10999, url: https://github.com/qjh2333/CVE-2019-10999

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title: -, url: https://github.com/khulnasoft-lab/awesome-security

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title: CVE-POC, url: https://github.com/0xT11/CVE-POC

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2019-10999 // JVNDB: JVNDB-2019-004361

EXTERNAL IDS

db: NVD, id: CVE-2019-10999

Trust: 2.7

db: DLINK, id: SAP10131

Trust: 1.8

db: JVNDB, id: JVNDB-2019-004361

Trust: 0.8

db: CNNVD, id: CNNVD-201905-138

Trust: 0.7

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-142601

Trust: 0.1

db: VULMON, id: CVE-2019-10999

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-142601 // VULMON: CVE-2019-10999 // JVNDB: JVNDB-2019-004361 // CNNVD: CNNVD-201905-138 // NVD: CVE-2019-10999

REFERENCES

url:https://github.com/fuzzywalls/cve-2019-10999

Trust: 2.6

url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10131

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-10999

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10999

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/qjh2333/cve-2019-10999

Trust: 0.1

url:https://github.com/nomi-sec/poc-in-github

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-142601 // VULMON: CVE-2019-10999 // JVNDB: JVNDB-2019-004361 // CNNVD: CNNVD-201905-138 // NVD: CVE-2019-10999

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-142601
db: VULMON, id: CVE-2019-10999
db: JVNDB, id: JVNDB-2019-004361
db: CNNVD, id: CNNVD-201905-138
db: NVD, id: CVE-2019-10999

LAST UPDATE DATE

2025-01-30T20:44:51.193000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-142601, date: 2020-08-24T00:00:00
db: VULMON, id: CVE-2019-10999, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-004361, date: 2019-05-31T00:00:00
db: CNNVD, id: CNNVD-201905-138, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-10999, date: 2024-11-21T04:20:19.520

SOURCES RELEASE DATE

db: VULHUB, id: VHN-142601, date: 2019-05-06T00:00:00
db: VULMON, id: CVE-2019-10999, date: 2019-05-06T00:00:00
db: JVNDB, id: JVNDB-2019-004361, date: 2019-05-31T00:00:00
db: CNNVD, id: CNNVD-201905-138, date: 2019-05-06T00:00:00
db: NVD, id: CVE-2019-10999, date: 2019-05-06T20:29:01.210