Lucene search
PRIOn knowledge basePRION:CVE-2017-17020HistoryMay 01, 2018 - 4:29 p.m.
Command injection
2018-05-0116:29:00
PRIOn knowledge base
www.prio-n.com
2
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera’s web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dcs-5009_firmware | le | 1.08.11 | |
| dcs-5010_firmware | le | 1.14.09 | |
| dcs-5020l_firmware | le | 1.14.09 |
Related
cve
cve
CVE-2017-17020
2018-05-01 16:29:00
exploitpack
exploitpack
DLINK DCS-5020L - Remote Code Execution (PoC)
2018-03-27 00:00:00
nvd
nvd
CVE-2017-17020
2018-05-01 16:29:00
cvelist
cvelist
CVE-2017-17020
2018-05-01 16:00:00
exploitdb
exploitdb
DLINK DCS-5020L - Remote Code Execution (PoC)
2018-03-27 00:00:00