CVE-2025-5572
Published: 04 June 2025
Summary
CVE-2025-5572 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in D-Link DCS-932L firmware. Its CVSS base score is 8.7 (High).
Operationally, it ranks in the top 20.5% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
A stack-based buffer overflow vulnerability exists in the D-Link DCS-932L firmware version 2.18.01. The flaw resides in the setSystemEmail function within the /setSystemEmail endpoint, where unsanitized input to the EmailSMTPPortNumber argument can trigger memory corruption. The issue is tracked under CVE-2025-5572 with a CVSS v4 score of 8.7 and is classified under CWE-119, CWE-121, and CWE-787. The affected camera model is no longer supported by the vendor.
Remote attackers with authenticated access can supply a crafted SMTP port value to overflow the stack buffer. Successful exploitation fully compromises the confidentiality, integrity, and availability of the device, enabling arbitrary code execution or denial of service. Public exploit code has already been published, lowering the barrier for attackers.
Vendor references indicate that the DCS-932L line reached end-of-life prior to disclosure, so no official patches or firmware updates are available. Security practitioners are advised to isolate or replace the hardware, as the public proof-of-concept can be leveraged directly against exposed management interfaces.
The associated EPSS score remains low and unchanged at 0.0122, indicating limited observed exploitation activity to date despite the public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-16840
Vulnerability details
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.
Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release.
Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation.
Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior.