Lucene search

[email protected]CVE-2015-2797

HistoryJun 19, 2015 - 2:59 p.m.

CVE-2015-2797

2015-06-1914:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-2797

stack-based buffer overflow

airties

dsl modems

firmware vulnerability

remote code execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.4 High

AI Score

Confidence

Low

0.814 High

EPSS

Percentile

98.4%

JSON

Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login.

Affected configurations

NVD

Node

airtiesair_firmwareRange≤1.0.2.0

AND

airtiesair_5021Match-

airtiesair_5341Match-

airtiesair_5342Match-

airtiesair_5343Match-

airtiesair_5442Match-

airtiesair_5443Match-

airtiesair_5444ttMatch-

airtiesair_5453Match-

airtiesair_5650ttMatch-

airtiesair_5750Match-

airtiesair_5760Match-

airtiesair_6372Match-

CPENameOperatorVersion
airties:air_firmwareairties air firmwarele1.0.2.0

CPE	Name	Operator	Version
airties:air_firmware	airties air firmware	le	1.0.2.0

References

osvdb.org/show/osvdb/120335

www.bmicrosystems.com/blog/exploiting-the-airties-air-series/

www.securityfocus.com/bid/75355

www.exploit-db.com/exploits/36577/

www.exploit-db.com/exploits/37170/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.4 High

AI Score

Confidence

Low

0.814 High

EPSS

Percentile

98.4%

JSON

Related for CVE-2015-2797

prion1 nvd1 cvelist1