On D-Link DCS-5009 devices with firmware 1.08.11 and previous versions, DCS-5010 devices with firmware 1.14.09 and previous versions, and DCS-5020L devices with firmware prior to 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated malicious users to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dlink dcs-5009_firmware |
||
dlink dcs-5010_firmware |
||
dlink dcs-5020l_firmware |