9.8
CVE-2017-14948
- EPSS 4.78%
- Veröffentlicht 14.10.2019 18:15:10
- Zuletzt bearbeitet 21.11.2024 03:13:49
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCertain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dlink ≫ Dir-868l Firmware Version-
Dlink ≫ Dir-890l Firmware Version-
Dlink ≫ Dir-885l Firmware Version-
Dlink ≫ Dir-895l Firmware Version1.13b03
Dlink ≫ Dir-880l Firmware Version1.08b04
Dlink ≫ Dir-895r Firmware Version1.13b03
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.78% | 0.884 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.