D-Link Forums

The Graveyard - Products No Longer Supported => IP Cameras => DCS-5030L => Topic started by: FurryNutz on May 09, 2019, 07:28:53 AM

Title: New - DCS-5030L Firmware 1.06 B02 - Security FW Released
Post by: FurryNutz on May 09, 2019, 07:28:53 AM
Firmware:   v1.06 B02   5/08/2019

Problems Fixed:
In November 28, 2018, D-Link becamea aware of a 3rd Party security researcher that accused the DCS-5020L Hardware Rev. Ax of a command injection vulnerability in the web-GUI.

After an investigation, this vulnerability is only accessable via the local-network since the cameras Web-GUI only responds on the same subnet was the PC Host web-browser. and not directly from the internet (WAN-side))

3rd Party Report:
Evan Walls :: Link to Contact
CVE-2019-10999 :: https://nvd.nist.gov/vuln/detail/CVE-2019-10999
Github :: https://github.com/fuzzywalls/CVE-2019-10999
Onward Security :: http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201905-138

Details
Note: The exploit requires credentials to be successful.
There exists an authenticated buffer overflow vulnerability in the accused cameras  that can be exploited by malicious users. It occurs when a large string is passed in the WEPEncryption parameter provided to wireless.htm. The variable is expected to be a single character of some value between 0 and 4 based on radio buttons selected by the user. Because of this assumption the length of the string is never verified and passed directly to strcpy() which copies directly to a stack variable. This overwrite can be used to gain control of the return address and possible to execute arbitrary code.

New Features:
None

DCS-5030L  FW can be downloaded here: DCS-5030L (https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10114)


Please post your comments and observations as a reply to this thread.

 :)  ;)  :)