cvedb.io
CVE-2017-17020
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-05-01T16:29:00.210 · Last modified 2026-06-17T01:10:14.720

Summary

On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system.

Affected products

dlink — dcs-5009_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when dlink ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.