Vulnerabilities in D-Link DCS-2530L IP Camera (CVE-2020-25078 and CVE-2020-25079)

Published on 03 Apr 2021

Updated on 03 Apr 2021

SingCERT has received information on vulnerable D-Link DCS-2530L Internet Protocol (IP) cameras in Singapore.

These vulnerabilities are:
CVE-2020-25078 — Allows an unauthenticated attacker to gain access to the remote administrator password of the device.
CVE-2020-25079 — Allows authenticated users to inject and execute arbitrary system commands.

All versions prior to and including v1.05.05 are affected by these vulnerabilities. Users of the affected products are advised to upgrade to the latest firmware immediately.

The Cyber Security Agency of Singapore’s Cybersecurity Labelling Scheme for consumer smart devices, such as smart home hubs and Wi-Fi routers, helps consumers identify products with better cybersecurity provisions. For more information on this scheme, visit: https://go.gov.sg/csa-cls

More information is available here:
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180