CVE-2025-10779: Stack-based Buffer Overflow in D-Link DCS-935L
A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
CVE-2025-10779 is a high-severity stack-based buffer overflow vulnerability affecting the D-Link DCS-935L IP camera, specifically versions up to 1.13.01. The vulnerability resides in the function sub_402280 within the /HNAP1/ service endpoint, which processes SOAPAction headers related to HNAP_AUTH. Improper handling and validation of these headers allow an attacker to craft a malicious request that triggers a stack-based buffer overflow. This overflow can lead to arbitrary code execution or denial of service on the affected device. The vulnerability is remotely exploitable without requiring user interaction or authentication, making it particularly dangerous. Although the exploit code has been publicly disclosed, there are no confirmed reports of active exploitation in the wild. Importantly, the affected devices are no longer supported by D-Link, meaning no official patches or firmware updates are available to remediate this issue. This lack of vendor support significantly increases the risk for organizations still operating these devices, as they remain exposed to potential attacks without vendor-provided fixes.
Potential Impact
For European organizations, the impact of this vulnerability can be substantial, especially for those relying on D-Link DCS-935L cameras for physical security, surveillance, or monitoring. Successful exploitation could allow attackers to gain control over the camera, potentially enabling espionage, unauthorized surveillance, or pivoting into internal networks. The compromise of these devices could lead to breaches of confidentiality, as video feeds and sensitive data may be intercepted or manipulated. Additionally, attackers could disrupt availability by causing device crashes or network outages. Given the remote exploitability and lack of authentication requirements, attackers can launch attacks from anywhere, increasing the threat surface. Organizations in sectors such as critical infrastructure, government, healthcare, and finance that use these cameras may face increased risks of targeted attacks or espionage. The absence of vendor support means organizations must rely on compensating controls, increasing operational complexity and cost.
Mitigation Recommendations
Since no official patches are available due to the end-of-life status of the DCS-935L, European organizations should prioritize the following mitigations:
1) Immediate network segmentation to isolate affected cameras from critical internal networks, limiting lateral movement opportunities.
2) Deploy strict firewall rules to restrict inbound and outbound traffic to and from these devices, allowing only trusted management hosts.
3) Disable or restrict remote access to the cameras, especially blocking access to the /HNAP1/ endpoint if possible.
4) Replace affected devices with supported models that receive regular security updates to eliminate the vulnerability entirely.
5) Implement continuous network monitoring and intrusion detection systems to identify anomalous traffic patterns or exploitation attempts targeting these devices.
6) Conduct regular security audits of IoT and surveillance infrastructure to identify unsupported or vulnerable devices.
7) Educate IT and security teams about the risks associated with legacy IoT devices and the importance of timely decommissioning.
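As a sketch of the monitoring and access-restriction mitigations above, the following added example (not part of the advisory, and not D-Link code) reviews captured HTTP request heads and flags /HNAP1/ requests that come from outside a management subnet or carry an unusually long SOAPAction or HNAP_AUTH header. The length threshold, the subnet and the sample requests are assumptions; the advisory does not state the size of the affected buffer.

```python
import ipaddress

# Assumed policy values (not from the advisory): the page does not give the
# size of the overflowed buffer, so MAX_HEADER_LEN is a tunable guess at what
# a legitimate HNAP client sends, and MGMT_NETS is a hypothetical admin subnet.
MAX_HEADER_LEN = 256
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/28")]
WATCHED = ("soapaction", "hnap_auth")

def parse_head(raw: bytes):
    """Split a raw HTTP request head into (path, {lowercased name: [values]})."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return parts[1], headers

def review(src_ip: str, raw: bytes):
    """Return findings for one captured request; an empty list means no alert."""
    try:
        path, headers = parse_head(raw)
    except ValueError:
        return ["malformed request line"]
    if not path.split("?", 1)[0].lower().startswith("/hnap1"):
        return []  # only the HNAP endpoint is in scope here
    findings = []
    if not any(ipaddress.ip_address(src_ip) in net for net in MGMT_NETS):
        findings.append(f"HNAP request from non-management source {src_ip}")
    for name in WATCHED:
        for value in headers.get(name, []):
            if len(value) > MAX_HEADER_LEN:
                findings.append(f"oversized {name} header ({len(value)} bytes)")
    return findings

# Constructed sample traffic, for illustration only.
BENIGN = (b"POST /HNAP1/ HTTP/1.1\r\nHost: camera.example\r\n"
          b'SOAPAction: "http://purenetworks.com/HNAP1/Login"\r\n'
          b"HNAP_AUTH: 0123456789ABCDEF0123456789ABCDEF 1700000000\r\n\r\n")
OVERSIZED = (b"POST /HNAP1/ HTTP/1.1\r\nHost: camera.example\r\n"
             b"SOAPAction: " + b"x" * 600 + b"\r\n\r\n")

if __name__ == "__main__":
    for src, req in (("10.20.0.5", BENIGN), ("203.0.113.9", OVERSIZED)):
        print(src, review(src, req) or "ok")
```

The same two conditions (source address and header length on /HNAP1/) can be expressed as rules in whatever proxy or IDS sits in front of the cameras; the length limit should be tuned against the traffic of legitimate clients.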
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-21T08:51:51.536Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d0bf8cb68a0c387d44cdea
Added to database: 9/22/2025, 3:16:28 AM
Last enriched: 9/22/2025, 3:31:27 AM
Last updated: 10/7/2025, 1:14:57 PM