CVE-2017-3882

EPSS 0.79%
Veröffentlicht 16.05.2017 17:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote code execution could occur with root privileges. The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a malicious request to the UPnP listening port of the targeted device. An exploit could allow the attacker to cause the device to reload or potentially execute arbitrary code with root privileges. This vulnerability affects all firmware releases of the Cisco CVR100W Wireless-N VPN Router prior to Firmware Release 1.0.1.22. Cisco Bug IDs: CSCuz72642.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Small Business Rv Router Firmware Version1.0.0.30

   Cisco ≫ Rv042 Version-
   Cisco ≫ Rv042g Version-
   Cisco ≫ Rv082 Version-
   Cisco ≫ Rv110w Version-
   Cisco ≫ Rv130 Version-
   Cisco ≫ Rv130 Wf Version-
   Cisco ≫ Rv130w Version-
   Cisco ≫ Rv130w Wf Version-
   Cisco ≫ Rv132w Version-
   Cisco ≫ Rv134w Version-
   Cisco ≫ Rv215w Version-
   Cisco ≫ Rv320 Version-
   Cisco ≫ Rv320 Wf Version-
   Cisco ≫ Rv325 Version-
   Cisco ≫ Rv325 Wf Version-

Cisco ≫ Small Business Rv Router Firmware Version1.0.1.9

Cisco ≫ Small Business Rv Router Firmware Version1.0.1.19

Cisco ≫ Small Business Rv Router Firmware Version1.0.2.6

Cisco ≫ Small Business Rv Router Firmware Version1.0.3.10

Cisco ≫ Small Business Rv Router Firmware Version1.0.4.10

Cisco ≫ Small Business Rv Router Firmware Version1.0.4.14

Cisco ≫ Small Business Rv Router Firmware Version1.0.5.4

Cisco ≫ Small Business Rv Router Firmware Version1.0.5.5

Cisco ≫ Small Business Rv Router Firmware Version1.0.5.6

Cisco ≫ Small Business Rv Router Firmware Version1.0.5.8

Cisco ≫ Small Business Rv Router Firmware Version1.0.6.6

Cisco ≫ Small Business Rv Router Firmware Version1.0.39

Cisco ≫ Small Business Rv Router Firmware 1.0 Version0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.79%	0.715

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.6	2.8	6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	8.3	6.5	10	AV:A/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/98287

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038391

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-3882

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3882

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3882

EUVD