Lucene search

CertccCVE-2016-1558

HistoryApr 21, 2017 - 3:59 p.m.

CVE-2016-1558

2017-04-2115:59:00

CWE-119

certcc

web.nvd.nist.gov

cve-2016-1558

buffer overflow

d-link

dap-2310

dap-2330

dap-2360

dap-2553

dap-2660

dap-2690

dap-2695

dap-3320

dap-3662

remote attack

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.006

Percentile

78.0%

JSON

Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted ‘dlink_uid’ cookie.

Affected configurations

Nvd

Node

dlinkdap-3662_firmwareMatch1.01

AND

dlinkdap-3662Match-

Node

dlinkdap-2310_firmwareMatch2.06

AND

dlinkdap-2310Match-

Node

dlinkdap-2330_firmwareMatch1.06

AND

dlinkdap-2330Match-

Node

dlinkdap-2360_firmwareMatch2.06

AND

dlinkdap-2360Match-

Node

dlinkdap-2553_firmwareMatch3.05

AND

dlinkdap-2553Match-

Node

dlinkdap-2660_firmwareMatch1.11

AND

dlinkdap-2660Match-

Node

dlinkdap-2690_firmwareMatch3.15

AND

dlinkdap-2690Match-

Node

dlinkdap-2695_firmwareMatch1.16

AND

dlinkdap-2695Match-

Node

dlinkdap-3320_firmwareMatch1.00

AND

dlinkdap-3320Match-

Node

dlinkdap-2230_firmwareMatch1.02

AND

dlinkdap-2230Match-

VendorProductVersionCPE
dlinkdap-3662_firmware1.01cpe:2.3:o:dlink:dap-3662_firmware:1.01:*:*:*:*:*:*:*
dlinkdap-3662-cpe:2.3:h:dlink:dap-3662:-:*:*:*:*:*:*:*
dlinkdap-2310_firmware2.06cpe:2.3:o:dlink:dap-2310_firmware:2.06:*:*:*:*:*:*:*
dlinkdap-2310-cpe:2.3:h:dlink:dap-2310:-:*:*:*:*:*:*:*
dlinkdap-2330_firmware1.06cpe:2.3:o:dlink:dap-2330_firmware:1.06:*:*:*:*:*:*:*
dlinkdap-2330-cpe:2.3:h:dlink:dap-2330:-:*:*:*:*:*:*:*
dlinkdap-2360_firmware2.06cpe:2.3:o:dlink:dap-2360_firmware:2.06:*:*:*:*:*:*:*
dlinkdap-2360-cpe:2.3:h:dlink:dap-2360:-:*:*:*:*:*:*:*
dlinkdap-2553_firmware3.05cpe:2.3:o:dlink:dap-2553_firmware:3.05:*:*:*:*:*:*:*
dlinkdap-2553-cpe:2.3:h:dlink:dap-2553:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dap-3662_firmware	1.01	cpe:2.3:o:dlink:dap-3662_firmware:1.01:::::::*
dlink	dap-3662	-	cpe:2.3:h:dlink:dap-3662:-:::::::*
dlink	dap-2310_firmware	2.06	cpe:2.3:o:dlink:dap-2310_firmware:2.06:::::::*
dlink	dap-2310	-	cpe:2.3:h:dlink:dap-2310:-:::::::*
dlink	dap-2330_firmware	1.06	cpe:2.3:o:dlink:dap-2330_firmware:1.06:::::::*
dlink	dap-2330	-	cpe:2.3:h:dlink:dap-2330:-:::::::*
dlink	dap-2360_firmware	2.06	cpe:2.3:o:dlink:dap-2360_firmware:2.06:::::::*
dlink	dap-2360	-	cpe:2.3:h:dlink:dap-2360:-:::::::*
dlink	dap-2553_firmware	3.05	cpe:2.3:o:dlink:dap-2553_firmware:3.05:::::::*
dlink	dap-2553	-	cpe:2.3:h:dlink:dap-2553:-:::::::*

Rows per page:

1-10 of 201

References

packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html

seclists.org/fulldisclosure/2016/Feb/112

www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.006

Percentile

78.0%

JSON

Related for CVE-2016-1558