9.8
CVE-2017-14948
- EPSS 4.78%
- Published 14.10.2019 18:15:10
- Last modified 21.11.2024 03:13:49
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.
Data is provided by the National Vulnerability Database (NVD)
Dlink ≫ Dir-868l Firmware Version-
Dlink ≫ Dir-890l Firmware Version-
Dlink ≫ Dir-885l Firmware Version-
Dlink ≫ Dir-895l Firmware Version1.13b03
Dlink ≫ Dir-880l Firmware Version1.08b04
Dlink ≫ Dir-895r Firmware Version1.13b03
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.78% | 0.884 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.