Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-17020

Опубликовано: 01 мая 2018
Источник: nvd
CVSS3: 8.8
CVSS2: 6.5
EPSS Низкий

Описание

On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dcs-5009_firmware:*:*:*:*:*:*:*:*
Версия до 1.08.11 (включая)
cpe:2.3:h:dlink:dcs-5009:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:dlink:dcs-5010_firmware:*:*:*:*:*:*:*:*
Версия до 1.14.09 (включая)
cpe:2.3:h:dlink:dcs-5010:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*
Версия до 1.14.09 (включая)
cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%
0.06633
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

github логотип

GHSA-55r4-xf6q-8cq9

CVSS3: 8.8
github
больше 3 лет назад

On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system.

EPSS

Процентиль: 91%
0.06633
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78