CVE-2021-37388

Exploit

EPSS 3.43%
Published 06.08.2021 12:15:07
Last modified 21.11.2024 06:15:03
Source cve@mitre.org
Teams watchlist Login
Open Login

A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Dlink ≫ Dir-615 Firmware Version3.03ww

Dlink ≫ Dir-615 Versionc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.43%	0.868

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.dlink.com/en/security-bulletin/

Vendor Advisory

https://github.com/noobexploiter/IOTHACKS/blob/main/vuln1.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-37388

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-37388

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-37388

EUVD