9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.024 Low
EPSS
Percentile
89.9%
D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attack to execute arbitrary code.
CWE-121:**Stack-based Buffer Overflow -**CVE-2016-5681
A stack-based buffer overflow occurs in the function within the cgibin binary which validates the session cookie.
This function is used by a service which is exposed to the WAN network on port 8181 by default.
CVE-2016-5681 has been confirmed to affect:
* DIR-850L B1
* DIR-822 A1
* DIR-823 A1
* DIR-895L A1
* DIR-890L A1
* DIR-885L A1
* DIR-880L A1
* DIR-868L B1
* DIR-868L C1
* DIR-817L(W)
* DIR-818L(W)
This function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on if the use case is local or remote.
Apply Updates
D-Link has provided firmware updates for the affected devices. Please see their public advisory for links to the updated firmware.
Restrict Access
As a general good security practice, only allow connections from trusted hosts and networks
332115
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: July 07, 2016 Updated: August 09, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 8.4 | E:POC/RL:ND/RC:C |
Environmental | 6.3 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Daniel Romero @daniel_rome (NCC Group) for reporting this vulnerability.
This document was written by Trent Novelly.
CVE IDs: | CVE-2016-5681 |
---|---|
Date Public: | 2016-08-11 Date First Published: |
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.024 Low
EPSS
Percentile
89.9%