VYPR
Unrated severity · NVD Advisory · Published Jul 2, 2019 · Updated Aug 5, 2024

CVE-2017-8410

Description

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The rtspd binary in the /sbin folder of the device handles all the RTSP connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the value sent in the "Authorization: Basic" RTSP header and stores it on the stack. The number of bytes to be copied is calculated from the length of the string sent in the RTSP header by the client. As a result, memcpy copies more data than the stack buffer can hold, which corrupts the registers for the caller function sub_F6CC and results in memory corruption. The severity of this attack is increased by the fact that the same value is then copied onto the stack in the function at 0x00011378, which makes it possible to overflow the allocated buffer and thus control the PC register, resulting in arbitrary code execution on the device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stack buffer overflow in D-Link DCS-1100/1130 RTSP daemon allows remote unauthenticated attackers to achieve arbitrary code execution.

Vulnerability

The vulnerability resides in the rtspd binary located in /sbin on D-Link DCS-1100 and DCS-1130 devices. The binary handles RTSP connections and performs a memcpy operation at address 0x00011E34 using the value sent in the Authorization: Basic RTSP header. The number of bytes copied is calculated from the length of the header string, but no bounds checking is performed, leading to a stack buffer overflow. This overflow corrupts registers in the caller function sub_F6CC and subsequently allows overwriting the stack buffer in function 0x00011378, enabling control of the program counter (PC) register. All firmware versions of these devices are likely affected [1][2].
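
The bounds check that the copy described above lacks, shown as an added example; it is not rtspd's code and not part of the advisory. The function names, the 64-byte buffer size, the return codes and the sample request are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CRED_BUF_LEN 64 /* assumed; the advisory does not give the real size */

/* Hypothetical stand-in for the copy in rtspd. Returns 0 and fills dst,
 * -1 if no Basic credentials are present, -2 if the value does not fit.
 * Header matching is exact-case here to keep the example short. */
int copy_basic_credentials(const char *req, char *dst, size_t dst_len)
{
    static const char hdr[] = "Authorization: Basic ";
    const size_t hdr_len = sizeof(hdr) - 1;
    for (const char *line = req; *line; line += strspn(line, "\r\n")) {
        size_t line_len = strcspn(line, "\r\n");
        if (strncmp(line, hdr, hdr_len) == 0) {
            size_t n = line_len - hdr_len;
            /* The flaw in the advisory is a copy sized by n alone. Check n
             * against the destination, leaving room for the terminator. */
            if (n >= dst_len)
                return -2;
            memcpy(dst, line + hdr_len, n);
            dst[n] = '\0';
            return 0;
        }
        line += line_len;
    }
    return -1;
}

/* Builds a constructed request with a value_len-byte credential value and
 * returns what the bounded copy does with it. */
int try_value_len(size_t value_len)
{
    char req[1024], cred[CRED_BUF_LEN];
    int off = snprintf(req, sizeof req,
                       "DESCRIBE rtsp://camera.example/live RTSP/1.0\r\n"
                       "CSeq: 1\r\nAuthorization: Basic ");
    if (value_len > 900) /* keep the constructed request inside req[] */
        value_len = 900;
    memset(req + off, 'A', value_len);
    strcpy(req + off + value_len, "\r\n\r\n");
    return copy_basic_credentials(req, cred, sizeof cred);
}

int main(void)
{
    printf("63 -> %d, 64 -> %d\n", try_value_len(63), try_value_len(64));
    return 0;
}
```

The boundary is the case to test: a value one byte shorter than the buffer is accepted, and a value equal to the buffer size is rejected because the terminator would not fit.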

Exploitation

An attacker can exploit this vulnerability by sending a crafted RTSP request to the device's RTSP port (typically TCP 554) without any prior authentication. The request must include an overly long Authorization: Basic header value. The memcpy copies more data than the stack buffer can hold, corrupting registers and eventually allowing the attacker to overwrite the PC register. No user interaction or special network position is required beyond network access to the device [1][2].

Impact

Successful exploitation results in arbitrary code execution on the device. The attacker gains full control over the affected D-Link DCS-1100 or DCS-1130 camera, likely with root privileges, as the rtspd process runs with elevated permissions. This can lead to complete compromise of the device, including access to video feeds, network pivoting, and potential use in botnets [1][2].

Mitigation

As of the publication date, no official firmware patch has been released by D-Link for this vulnerability. The devices may be end-of-life. Mitigation strategies include disabling the RTSP service if not required, restricting network access to the device via firewall rules, and segmenting IoT devices on a separate VLAN. Users should monitor vendor advisories for any future updates [1][2].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

References

3
