10

CVE-2015-2797

Exploit

Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AirtiesAir Firmware Version <= 1.0.2.0
   AirtiesAir 5021 Version-
   AirtiesAir 5341 Version-
   AirtiesAir 5342 Version-
   AirtiesAir 5343 Version-
   AirtiesAir 5442 Version-
   AirtiesAir 5443 Version-
   AirtiesAir 5444tt Version-
   AirtiesAir 5453 Version-
   AirtiesAir 5650tt Version-
   AirtiesAir 5750 Version-
   AirtiesAir 5760 Version-
   AirtiesAir 6372 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 78.33% 0.99
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.