D-Link DCS-932L Stack-Based Buffer Overflow Vulnerability

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DCS-932L camera, specifically in version 2.18.01. The issue arises in the 'isUCPCameraNameChanged' function within the '/sbin/ucp' file, where improper handling of the 'CameraName' argument creates the potential for remote exploitation. This vulnerability affects devices that are no longer supported by the manufacturer.

Impact

Exploiting this vulnerability triggers a stack-based buffer overflow, which could lead to arbitrary code execution or cause the device to crash.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the '/sbin/ucp' endpoint, specifically targeting the 'CameraName' argument. This request should be made over the network, as the vulnerability can be exploited remotely.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.