10

CVE-2016-1558

Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie.

Data is provided by the National Vulnerability Database (NVD)
DlinkDap-3662 Firmware Version1.01
   DlinkDap-3662 Version-
DlinkDap-2310 Firmware Version2.06
   DlinkDap-2310 Version-
DlinkDap-2330 Firmware Version1.06
   DlinkDap-2330 Version-
DlinkDap-2360 Firmware Version2.06
   DlinkDap-2360 Version-
DlinkDap-2553 Firmware Version3.05
   DlinkDap-2553 Version-
DlinkDap-2660 Firmware Version1.11
   DlinkDap-2660 Version-
DlinkDap-2690 Firmware Version3.15
   DlinkDap-2690 Version-
DlinkDap-2695 Firmware Version1.16
   DlinkDap-2695 Version-
DlinkDap-3320 Firmware Version1.00
   DlinkDap-3320 Version-
DlinkDap-2230 Firmware Version1.02
   DlinkDap-2230 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 14.87% 0.942
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://seclists.org/fulldisclosure/2016/Feb/112
Third Party Advisory
Mailing List