Dlink Dcs-932L Firmware vulnerabilities

CVE-2025-5572 [HIGH] CWE-119 CVE-2025-5572: A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and

CVE-2025-5571 [MEDIUM] CWE-77 CVE-2025-5571: A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected i A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerabil

CVE-2025-5573 [MEDIUM] CWE-77 CVE-2025-5573: A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by thi A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be us

CVE-2025-4843 [HIGH] CWE-119 CVE-2025-4843: A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affec A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of the file /sbin/udev. The manipulation of the argument CameraName leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vuln

CVE-2025-4842 [HIGH] CWE-119 CVE-2025-4842: A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnera A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged of the file /sbin/ucp. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-4841 [HIGH] CWE-119 CVE-2025-4841: A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this is A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this issue is the function sub_404780 of the file /bin/gpio. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability o

CVE-2024-37606 [MEDIUM] CWE-120 CVE-2024-37606: A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVE-2021-41504 [HIGH] CVE-2021-41504: An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no lo

CVE-2021-41503 [HIGH] CWE-287 CVE-2021-41503: DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supp

CVE-2019-10999 [HIGH] CWE-787 CVE-2019-10999: The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1

CVE-2018-18441 [HIGH] CWE-200 CVE-2018-18441: D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting fr

CVE-2017-7852 [HIGH] CWE-352 CVE-2017-7852: D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Fla D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malici

CVE-2012-4046 [LOW] CWE-200 CVE-2012-4046: The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.