ID

VAR-202505-1740


CVE

CVE-2025-4843


TITLE

Buffer error vulnerability in D-Link Systems, Inc. DCS-932L firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-006246

DESCRIPTION

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of the file /sbin/udev. The manipulation of the argument CameraName leads to a stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

The D-Link Systems, Inc. DCS-932L firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. The vulnerability is caused by the parameter CameraName in the file /sbin/udev failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2025-4843 // JVNDB: JVNDB-2025-006246 // CNVD: CNVD-2025-10949

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-10949

AFFECTED PRODUCTS

vendor: dlink, model: dcs-932l, scope: eq, version: 2.18.01

Trust: 1.0

vendor: d link, model: dcs-932l, scope: eq, version: dcs-932l firmware 2.18.01

Trust: 0.8

vendor: d link, model: dcs-932l, scope: eq, version: -

Trust: 0.8

vendor: d link, model: dcs-932l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-932l, scope: eq, version: 2.18.01

Trust: 0.6

sources: CNVD: CNVD-2025-10949 // JVNDB: JVNDB-2025-006246 // NVD: CVE-2025-4843

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-4843
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-4843
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-006246
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-10949
value: HIGH

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2025-4843
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-006246
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-10949
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2025-4843
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-4843
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-006246
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-10949 // JVNDB: JVNDB-2025-006246 // NVD: CVE-2025-4843 // NVD: CVE-2025-4843

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.0

problemtype: CWE-121

Trust: 1.0

problemtype: CWE-787

Trust: 1.0

problemtype: Buffer error (CWE-119) [others]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [others]

Trust: 0.8

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2025-006246 // NVD: CVE-2025-4843

EXTERNAL IDS

db: NVD, id: CVE-2025-4843

Trust: 3.2

db: VULDB, id: 309309

Trust: 1.8

db: JVNDB, id: JVNDB-2025-006246

Trust: 0.8

db: CNVD, id: CNVD-2025-10949

Trust: 0.6

sources: CNVD: CNVD-2025-10949 // JVNDB: JVNDB-2025-006246 // NVD: CVE-2025-4843

REFERENCES

url:https://github.com/beacox/iot_vuln/tree/main/d-link/dcs-932l/udev_bof

Trust: 2.4

url:https://vuldb.com/?id.309309

Trust: 1.8

url:https://vuldb.com/?submit.574926

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.309309

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-4843

Trust: 0.8

sources: CNVD: CNVD-2025-10949 // JVNDB: JVNDB-2025-006246 // NVD: CVE-2025-4843

SOURCES

db: CNVD, id: CNVD-2025-10949
db: JVNDB, id: JVNDB-2025-006246
db: NVD, id: CVE-2025-4843

LAST UPDATE DATE

2025-06-06T23:10:40.113000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-10949, date: 2025-05-29T00:00:00
db: JVNDB, id: JVNDB-2025-006246, date: 2025-06-05T01:34:00
db: NVD, id: CVE-2025-4843, date: 2025-06-04T20:11:36.947

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-10949, date: 2025-05-29T00:00:00
db: JVNDB, id: JVNDB-2025-006246, date: 2025-06-05T00:00:00
db: NVD, id: CVE-2025-4843, date: 2025-05-18T00:15:18.233