Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

DLINK DCS-5020L - Remote Code Execution (PoC)

🗓️ 27 Mar 2018 00:00:00Reported by Fidus InfoSecurityType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 67 Views

DLINK DCS-5020L Camera Remote Code Execution Vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2017-17020
28 Apr 201817:54
circl
CNVD		D-Link DCS-5009, DCS-5010 and DCS-5020L Remote Code Execution Vulnerability
3 May 201800:00
cnvd
CVE		CVE-2017-17020
1 May 201816:00
cve
Cvelist		CVE-2017-17020
1 May 201816:00
cvelist
EUVD		EUVD-2017-8190
7 Oct 202500:30
euvd
exploitpack		DLINK DCS-5020L - Remote Code Execution (PoC)
27 Mar 201800:00
exploitpack
NVD		CVE-2017-17020
1 May 201816:29
nvd
OSV		CVE-2017-17020
1 May 201816:29
osv
Prion		Command injection
1 May 201816:29
prion
Positive Technologies		PT-2018-6385 · D Link · D-Link Dcs-5009 +2
1 May 201800:00
ptsecurity
Rows per page
“The DCS-5020L Wireless N Day & Night Pan/Tilt Cloud Camera is a day/night network camera that easily connects to your existing home network for remote viewing on a range of mobile devices. It features pan, tilt and digital zoom function to allow you to see a wider area with a single camera, built-in Wi-Fi extender to effortlessly expand your wireless coverage, night vision up to 5 metres, sound and motion detection for the ultimate in peace of mind, and H.264 video compression for a high-quality image.”

This walkthrough demonstrates just how easy it can be to find vulnerabilities in Internet of Things (IOT) devices. The process of finding the following command injection can be broken down into 3 steps that are more akin to a 100 point CTF challenge: download binary, run strings, trace input to system call to origin.





An attacker can escape the ‘sed’ command with a simple payload, such as ‘`touch a`’. Another example that fits is AdminID=a’`telnetd`’, which allows a user to login as “a”, which becomes the new root account:

Source: https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
27 Mar 2018 00:00Current
7High risk
Vulners AI Score7
CVSS 26.5
CVSS 38.8
EPSS0.05795
remote code executiondcs-5020l cameracommand injectioninternet of thingsvulnerabilitysecurity document
67