Support Announcements
DCS-5020L/5010L/5009L :: CVE-2017-17020 Authenticated RCE vulnerability

Overview

CVE-2017-17020: DCS-5020L, DCS-5010L, and DCS-5009L Authenticated RCE vulnerability

Accreditation

Tim Carrington ::  Tim@fidusinfosec.com

 

References

 

Author's Blog Post :: https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/

Dates

November 22, 2017 Report Submitted
April 27, 2017 DCS-5020L Patch Released, Other Cameras  pending released (updated 06/14/18)

Affected Models


DCS-5009         H/W Revision Ax        Firmware 1.08.11 and before        Under Development
DCS-5010         H/W Revision Ax        Firmware 1.14.09 and before        Under Development
DCS-5020         H/W Revision Ax        Firmware 1.14.09 and before        Patch 1.15.12 or mydlink mobile app


Security patch for your D-Link Devices


This firmware is an update security vulnerabilities in affected D-Link devices. We are releasing it as a BETA at this time, and will update with a firmware that has passed our long-term quality assurance testing at a later time. D-Link will update this continually and we strongly recommend all users to install this relevant updates.

 

As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.