Overview
Multiple D-Link IP camera models listed below are affected by a stack buffer overflow vulnerability identified as CVE-2019-10999. This vulnerability impacts specific firmware versions and may allow memory corruption under certain conditions.
D-Link takes network security and user privacy seriously. A dedicated security response and product management team evaluated this issue and released firmware updates for supported models.
Users should review the affected product list and apply the appropriate firmware updates as recommended.
Third-Party Report Information
Report 1: CVE-2019-10999
Reference:
- MITRE CVE Database
- NVD (NIST)
- Public research repository
Title: Stack buffer overflow vulnerability affecting D-Link IP cameras
CWE: CWE-121 Stack-based Buffer Overflow
CVSS Scores
Public vulnerability databases rate this issue as high severity due to memory corruption risk. Exploitation impact depends on network exposure and device configuration.
Note:
This CVE appears in public vulnerability databases and was responsibly disclosed. Firmware updates are available for supported products. Some affected models have since reached End of Life or End of Service Life and no longer receive updates.
Description
CVE-2019-10999 is a stack buffer overflow vulnerability affecting multiple D-Link IP camera models. The issue may allow unintended memory overwrite when handling malformed input, potentially leading to instability or unauthorized behavior.
D-Link released firmware updates for supported devices to address this issue.
Affected Products and Firmware Status
|
Model
|
HW Rev.
|
Affected FW
|
Fixed FW
|
Recommendation
|
EOL/EOS DATE |
Info Last Update
|
|
DCS-930L
|
All HW Rev B
|
v2.16.01 and below
|
v2.17.03
|
Use mydlink Lite Mobile App to update
|
10/31/18 |
01/30/2023
|
|
DCS-931L
|
All HW Rev A
|
v1.14.11 and below
|
v1.15.01
|
Use mydlink Lite Mobile App to update
|
06/30/20 |
01/30/2023
|
|
DCS-932L
|
All HW Rev B
|
v2.17.01 and below
|
v2.18.01
|
Use mydlink Lite Mobile App to update
|
09/01/23
|
01/30/2023
|
|
DCS-933L
|
All HW Rev A
|
v1.14.11 and below
|
v1.15.01
|
Use mydlink Lite Mobile App to update
|
06/30/20 |
01/30/2023
|
|
DCS-934L
|
All HW Rev A
|
v1.05.04 and below
|
v1.07.01
|
Use mydlink Lite Mobile App to update
|
06/30/20 |
01/30/2023
|
|
DCS-5000L
|
All HW
|
v1.04.01 and below
|
Not Available
|
Non-US Product EOL/EOS
|
12/01/21 |
01/22/2026
|
|
DCS-5009L
|
All HW Rev A
|
v1.08.11 and below
|
v1.1001
|
Use mydlink Lite Mobile App to update
|
09/30/20 |
01/30/2023
|
|
DCS-5010L
|
All HW Rev A
|
v1.14.09 and below
|
v1.16.01
|
Use mydlink Lite Mobile App to update
|
01/31/21 |
01/30/2023
|
|
DCS-5020L
|
All HW Rev A
|
v1.15.12 and below
|
v1.16.01
|
Use mydlink Lite Mobile App to update
|
01/31/21 |
01/30/2023
|
|
DCS-5025L
|
All HW Rev A
|
v1.03.07 and below
|
v1.04.02
|
Use mydlink Home or Lite App to update
|
06/30/20 |
01/30/2023
|
|
DCS-5030L
|
All HW Rev A
|
v1.04.10 and below
|
v1.06.02
|
Use mydlink Lite Mobile App to update
|
06/30/21 |
01/30/2023
|
Recommendations
D-Link strongly advises all users to upgrade to the latest available firmware for their device.
Firmware updates mitigate known security vulnerabilities and improve product stability.
Guidance for Firmware Updates
- Verify the hardware revision printed on the product label or within the device web interface.
- Download and install the correct firmware version for your hardware revision.
- Use the mydlink Home or mydlink Lite mobile application where supported.
Security Update Policy
D-Link continues to evaluate reported vulnerabilities and releases firmware updates for supported products. Devices that have reached EOL or EOS no longer receive security updates.
Continued use of unsupported devices occurs at the user’s own risk.