CVE-2017-17020 - OpenCVE

On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dcs-5009 Dcs-5009 Firmware Dcs-5010 Dcs-5010 Firmware Dcs-5020l Dcs-5020l Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dcs-5009_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-5009:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dlink:dcs-5010_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-5010:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084
https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-01T16:00:00

Updated: 2024-08-05T20:43:59.349Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2017-17020

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-05-01T16:29:00.210

Modified: 2023-04-26T19:27:52.350

Link: CVE-2017-17020

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-01T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17020", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/", "refsource": "MISC", "url": "https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/"}, {"name": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084", "refsource": "CONFIRM", "url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:43:59.349Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17020", "datePublished": "2018-05-01T16:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-08-05T20:43:59.349Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dcs-5009_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "49C903D2-CBE0-40D8-B9B1-F8EA4FAB9CD7", "versionEndIncluding": "1.08.11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dcs-5009:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B6FCD9B-6546-4FB2-9867-FC4D7AB36A4B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dcs-5010_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB172849-0BBE-464E-8927-8BE78241C4D5", "versionEndIncluding": "1.14.09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dcs-5010:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE256639-E8D7-47C7-9B8D-8267469567AF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0EC7C9D-950F-443C-B2B5-065A7BEEECA8", "versionEndIncluding": "1.14.09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*", "matchCriteriaId": "B00912CC-6F2F-4F13-BED1-0DCD4DF965DB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system."}, {"lang": "es", "value": "En dispositivos D-Link DCS-5009 con firmware 1.08.11 y anterior, dispositivos DCS-5010 con firmware 1.14.09 y anterior y dispositivos DCS-5020L con firmware anterior a 1.15.01, la inyecci\u00f3n de comandos en alphapd (binario responsable de ejecutar el servidor web de la c\u00e1mara) permite que los atacantes remotos autenticados ejecuten c\u00f3digo al pasar entradas saneadas de usuario /setSystemAdmin en el campo AdminID directamente a una llamada al sistema."}], "id": "CVE-2017-17020", "lastModified": "2023-04-26T19:27:52.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-01T16:29:00.210", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}