CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
97.4%
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed “Host” and “Referer” header values.
Vendor | Product | Version | CPE |
---|---|---|---|
d-link | dns-322l_firmware | * | cpe:2.3:o:d-link:dns-322l_firmware:*:*:*:*:*:*:*:* |
dlink | dns-322l | - | cpe:2.3:h:dlink:dns-322l:-:*:*:*:*:*:*:* |
d-link | dns-320lw_firmware | * | cpe:2.3:o:d-link:dns-320lw_firmware:*:*:*:*:*:*:*:* |
dlink | dns-320lw | - | cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:* |
d-link | dnr-326_firmware | * | cpe:2.3:o:d-link:dnr-326_firmware:*:*:*:*:*:*:*:* |
dlink | dnr-326 | - | cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:* |
d-link | dns-327l_firmware | * | cpe:2.3:o:d-link:dns-327l_firmware:*:*:*:*:*:*:*:* |
dlink | dns-327l | - | cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:* |
d-link | dnr-320l_firmware | * | cpe:2.3:o:d-link:dnr-320l_firmware:*:*:*:*:*:*:*:* |
dlink | dnr-320l | - | cpe:2.3:h:dlink:dnr-320l:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
97.4%