Support Announcements
DCS-930L/DCS-931L/DCS-932L/DCS-933L/DCS-934L/DCS-5009L/DCS-5010L/DCS-5020L/DCS-5025L/DCS-5030L :: CVE-2019-10999 :: Stack Buffer Overflow

Overview  

 

 

A recent report indicates that the  DCS-5009L (FW 1.08.11 and below), DCS-5010L (FW 1.14.09 and below), DCS-5020L (FW 1.15.12 and below), DCS-5025L (FW 1.03.07 and below), DCS-5030L (FW 1.04.10 and below), DCS-930L (FW 2.16.01 and below), DCS-931L (FW 1.14.11 and below), DCS-932L (FW 2.17.01 and below), DCS-933L (FW 1.14.11 and below), and DCS-934L (FW 1.05.04 and below) are affected by of Stack Buffer Overflow security vulnerability filed as CVE-2019-10999.

 

D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. 

   

Disclosure   

 

     CVE-2019-10999

          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10999

          - https://nvd.nist.gov/vuln/detail/CVE-2019-10999

          - https://github.com/fuzzywalls/CVE-2019-10999

   
Affected Products

 

We have updated firmware for each devide model which should be easily upgradeable through the D-Link mydlink mobile application you are using to interoperate with the camera(s).

 

Model HW Rev. Affected FW Fixed FW Recommendation Info Last Update
DCS-930L All HW Rev B v2.16.01 and below v2.17.03 Use mydlink Lite Mobile App to update 03/2019
DCS-931L All HW Rev A v1.14.11 and below v1.15.01 Use mydlink Lite Mobile App to update 06/2019
DCS-932L All HW Rev B v2.17.01 and below v2.18.01 Use mydlink Lite Mobile App to update 05/2019
DCS-933L All HW Rev A v1.14.11 and below v1.15.01 Use mydlink Lite Mobile App to update 06/2019
DCS-934L  All HW Rev A  v1.05.04 and below  v1.07.01  Use mydlink Lite Mobile App to update
06/2019
DCS-5009L  All HW Rev A v1.08.11 and below  v1.1001 Use mydlink Lite Mobile App to update 07/2019
DCS-5010L  All HW Rev A  v1.14.09 and below  v1.16.01  Use mydlink Lite Mobile App to update 06/2019
DCS-5020L   All HW Rev A  v1.15.12 and below v1.16.01   Use mydlink Lite Mobile App to update 06/2019
DCS-5025L  All HW Rev A v1.03.07 and below  v1.04.02 Use mydlink Home or Lite App to update 06/2019
DCS-5030L All HW Rev A v1.04.10 and below v1.06.02 Use mydlink Lite Mobile App to update 03/2019

 
 

Recommendations


To mitigate the risks, we strongly encourage owners/users to upgrade to the latest firmware available for your device.

 

 

Security patch for your D-Link Devices


This firmware is an update security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install this relevant updates.

 

As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.