Support Announcements
DCS-5020L/5010L/5009L :: CVE-2017-17020 Authenticated RCE vulnerability


CVE-2017-17020: DCS-5020L, DCS-5010L, and DCS-5009L Authenticated RCE vulnerability


Tim Carrington ::




Author's Blog Post ::


November 22, 2017 Report Submitted
April 27, 2017 DCS-5020L Patch Released, Other Cameras  pending released (updated 06/14/18)

Affected Models

DCS-5009         H/W Revision Ax        Firmware 1.08.11 and before        Under Development
DCS-5010         H/W Revision Ax        Firmware 1.14.09 and before        Under Development
DCS-5020         H/W Revision Ax        Firmware 1.14.09 and before        Patch 1.15.12 or mydlink mobile app

Security patch for your D-Link Devices

This firmware is an update security vulnerabilities in affected D-Link devices. We are releasing it as a BETA at this time, and will update with a firmware that has passed our long-term quality assurance testing at a later time. D-Link will update this continually and we strongly recommend all users to install this relevant updates.


As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.