D-Link DCS-932L Stack-Based Buffer Overflow Vulnerability

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DCS-932L camera, running firmware version 2.18.01. The issue arises in the SubUPnPCSInit function within the /sbin/udev file, where improper handling of the CameraName argument allows for remote exploitation. This vulnerability affects devices that are no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability triggers a stack-based buffer overflow, which could lead to arbitrary code execution or cause the device to crash.

Reproduction

The vulnerability can be reproduced by sending a crafted UPnP request that includes a malicious CameraName argument. This request should be directed to the camera's UPnP service, which will trigger the buffer overflow in the udev process.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.