Vulnerabilities > Dlink > DCS 5020L Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-06 | CVE-2019-10999 | Out-of-bounds Write vulnerability in Dlink products The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. | 8.8 |
| 2018-12-20 | CVE-2018-18441 | Information Exposure vulnerability in multiple products D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. | 7.5 |
| 2018-05-01 | CVE-2017-17020 | OS Command Injection vulnerability in Dlink products On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system. | 8.8 |
| 2017-04-24 | CVE-2017-7852 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink products D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. | 8.8 |