D-Link DCS-5020L Buffer Overflow Vulnerability (May 2025)

D-Link DCS-5020L devices are prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

D-Link DCS-5020L Buffer Overflow Vulnerability

D-Link DCS-5020L is a DCS series IP camera from China AUO D-Link. The D-Link DCS-5020L suffers from a buffer overflow vulnerability, which originates from the parameter Authorization in the file /rame/ptdc.cgi that fails to correctly validate the length of the input data, which can be exploited b...

CVE-2025-5215

A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit ha...

CVE-2025-5215

A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit ha...

CVE-2025-5215 D-Link DCS-5020L ptdc.cgi websReadEvent stack-based overflow

A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit ha...

CVE-2025-5215 D-Link DCS-5020L ptdc.cgi websReadEvent stack-based overflow

A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit ha...

D-Link DCS-5020L 安全漏洞

D-Link DCS-5020L is a DCS series IP camera from China AUO D-Link. The D-Link DCS-5020L suffers from a buffer overflow vulnerability, which originates from the parameter Authorization in the file /rame/ptdc.cgi that fails to correctly validate the length of the input data, which can be exploited b...

PT-2025-22944 · D Link · D-Link Dcs-5020L

Name of the Vulnerable Software and Affected Versions: D-Link DCS-5020L version 1.01 B2 Description: A critical vulnerability has been found in the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the Authorization argument leads to a stack-based buffer overflow. It is...

D-Link DCS-5009, DCS-5010 and DCS-5020L Remote Code Execution Vulnerability

D-Link DCS-5009, DCS-5010 and DCS-5020L are all different models of network camera products from AUO D-Link. alphapd is one of the web servers. A remote code execution vulnerability exists in alphapd in the D-Link DCS-5009 with firmware version 1.08.11 and earlier, DCS-5010 with firmware version...

Command injection

On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd binary responsible for running the camera's web server allows remote authenticated attackers to execut...

PT-2018-6385 · D Link · D-Link Dcs-5009 +2

Name of the Vulnerable Software and Affected Versions: D-Link DCS-5009 versions 1.08.11 and earlier D-Link DCS-5010 versions 1.14.09 and earlier D-Link DCS-5020L versions prior to 1.15.01 Description: The issue allows remote authenticated attackers to execute code through command injection in the...

DLINK DCS-5020L - Remote Code Execution (PoC)

“The DCS-5020L Wireless N Day & Night Pan/Tilt Cloud Camera is a day/night network camera that easily connects to your existing home network for remote viewing on a range of mobile devices. It features pan, tilt and digital zoom function to allow you to see a wider area with a single camera,...

CVE-2017-7852

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to , thus accepting requests from any domain. If a...