Search criteria
11 vulnerabilities found for di-524 by dlink
VAR-201703-0736
Vulnerability from variot - Updated: 2025-04-20 23:37Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. D-linkDI-524 is a wireless router from D-Link. A cross-site request forgery vulnerability exists in D-linkDI-5249.01. An attacker could exploit the vulnerability to perform unauthorized actions and gain access to affected applications. D-link DI-524 is prone to multiple cross-site request-forgery vulnerabilities. Other attacks are also possible. D-link DI-524 9.01 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0736",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-524",
"scope": "eq",
"trust": 3.0,
"vendor": "d link",
"version": "9.01"
},
{
"model": "di-524",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "di-524",
"scope": "eq",
"trust": 0.3,
"vendor": "dlink",
"version": "9.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02294"
},
{
"db": "BID",
"id": "96475"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002133"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-955"
},
{
"db": "NVD",
"id": "CVE-2017-5633"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:di-524",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:di-524_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002133"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Felipe de Souza - Network Analyst \u0026 Programmer",
"sources": [
{
"db": "BID",
"id": "96475"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-955"
}
],
"trust": 0.9
},
"cve": "CVE-2017-5633",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2017-5633",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-02294",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-113836",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2017-5633",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5633",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-5633",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-02294",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-955",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-113836",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02294"
},
{
"db": "VULHUB",
"id": "VHN-113836"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002133"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-955"
},
{
"db": "NVD",
"id": "CVE-2017-5633"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. D-linkDI-524 is a wireless router from D-Link. A cross-site request forgery vulnerability exists in D-linkDI-5249.01. An attacker could exploit the vulnerability to perform unauthorized actions and gain access to affected applications. D-link DI-524 is prone to multiple cross-site request-forgery vulnerabilities. Other attacks are also possible. \nD-link DI-524 9.01 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5633"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002133"
},
{
"db": "CNVD",
"id": "CNVD-2017-02294"
},
{
"db": "BID",
"id": "96475"
},
{
"db": "VULHUB",
"id": "VHN-113836"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-113836",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113836"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5633",
"trust": 3.4
},
{
"db": "BID",
"id": "96475",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002133",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-955",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-02294",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "40983",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-113836",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02294"
},
{
"db": "VULHUB",
"id": "VHN-113836"
},
{
"db": "BID",
"id": "96475"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002133"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-955"
},
{
"db": "NVD",
"id": "CVE-2017-5633"
}
]
},
"id": "VAR-201703-0736",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02294"
},
{
"db": "VULHUB",
"id": "VHN-113836"
}
],
"trust": 1.2214285999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02294"
}
]
},
"last_update_date": "2025-04-20T23:37:58.353000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dlink-jp.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002133"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113836"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002133"
},
{
"db": "NVD",
"id": "CVE-2017-5633"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://seclists.org/fulldisclosure/2017/feb/70"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/96475"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5633"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5633"
},
{
"trust": 0.3,
"url": "http://www.dlink.co.in/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02294"
},
{
"db": "VULHUB",
"id": "VHN-113836"
},
{
"db": "BID",
"id": "96475"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002133"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-955"
},
{
"db": "NVD",
"id": "CVE-2017-5633"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02294"
},
{
"db": "VULHUB",
"id": "VHN-113836"
},
{
"db": "BID",
"id": "96475"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002133"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-955"
},
{
"db": "NVD",
"id": "CVE-2017-5633"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02294"
},
{
"date": "2017-03-06T00:00:00",
"db": "VULHUB",
"id": "VHN-113836"
},
{
"date": "2017-02-27T00:00:00",
"db": "BID",
"id": "96475"
},
{
"date": "2017-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002133"
},
{
"date": "2017-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-955"
},
{
"date": "2017-03-06T06:59:00.257000",
"db": "NVD",
"id": "CVE-2017-5633"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02294"
},
{
"date": "2017-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-113836"
},
{
"date": "2017-03-07T01:08:00",
"db": "BID",
"id": "96475"
},
{
"date": "2017-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002133"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-955"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-5633"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-955"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DI-524 Wireless router firmware cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002133"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-955"
}
],
"trust": 0.6
}
}
VAR-200803-0062
Vulnerability from variot - Updated: 2025-04-10 20:57Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value. (1) Excessively long username (2) Have an overly large name and a blank value HTTP header. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment.
D-Link DI-524 has multiple vulnerabilities in processing user requests. Remote attackers may use these vulnerabilities to make device services unavailable or perform cross-site scripting attacks.
The D-Link DI-524 router does not properly handle the login request sent to the web interface. collapse.
The D-Link DI-604 router did not properly filter the input passed to the rf parameter in prim.htm and returned it to the user, which could cause arbitrary HTML and script code to be executed in the user's browser session.
The D-Link DSL-G604T router did not properly filter the input passed to the var: category parameter in cgi-bin / webcm and returned it to the user, which could cause arbitrary HTML and script code to be executed in the user's browser session. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: D-Link DI-524 Denial of Service Vulnerabilities
SECUNIA ADVISORY ID: SA29366
VERIFY ADVISORY: http://secunia.com/advisories/29366/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From local network
OPERATING SYSTEM: D-Link DI-524 http://secunia.com/product/8028/
DESCRIPTION: laurent has reported two vulnerabilities in D-Link DI-524, which can be exploited by malicious people to cause a DoS (Denial of Service).
SOLUTION: Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: laurent
ORIGINAL ADVISORY: http://www.gnucitizen.org/projects/router-hacking-challenge/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0062",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-524",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "di-524",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "dsl-g604t",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-604",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-524",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"db": "BID",
"id": "28439"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002828"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-144"
},
{
"db": "NVD",
"id": "CVE-2008-1266"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:di-524",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002828"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gareth Heyeslaurent",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-144"
}
],
"trust": 0.6
},
"cve": "CVE-2008-1266",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2008-1266",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-31391",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-1266",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-1266",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-144",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-31391",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31391"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002828"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-144"
},
{
"db": "NVD",
"id": "CVE-2008-1266"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value. (1) Excessively long username (2) Have an overly large name and a blank value HTTP header. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment. \n\n\u00a0D-Link DI-524 has multiple vulnerabilities in processing user requests. Remote attackers may use these vulnerabilities to make device services unavailable or perform cross-site scripting attacks. \n\n\u00a0The D-Link DI-524 router does not properly handle the login request sent to the web interface. collapse. \n\n\u00a0The D-Link DI-604 router did not properly filter the input passed to the rf parameter in prim.htm and returned it to the user, which could cause arbitrary HTML and script code to be executed in the user\u0027s browser session. \n\n\u00a0The D-Link DSL-G604T router did not properly filter the input passed to the var: category parameter in cgi-bin / webcm and returned it to the user, which could cause arbitrary HTML and script code to be executed in the user\u0027s browser session. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R\u0026D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nD-Link DI-524 Denial of Service Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA29366\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29366/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nD-Link DI-524\nhttp://secunia.com/product/8028/\n\nDESCRIPTION:\nlaurent has reported two vulnerabilities in D-Link DI-524, which can\nbe exploited by malicious people to cause a DoS (Denial of Service). \n\nSOLUTION:\nRestrict access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\nlaurent\n\nORIGINAL ADVISORY:\nhttp://www.gnucitizen.org/projects/router-hacking-challenge/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1266"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002828"
},
{
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"db": "BID",
"id": "28439"
},
{
"db": "VULHUB",
"id": "VHN-31391"
},
{
"db": "PACKETSTORM",
"id": "64867"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1266",
"trust": 3.4
},
{
"db": "BID",
"id": "28439",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "29366",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002828",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-144",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2008-5921",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-31391",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64867",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"db": "VULHUB",
"id": "VHN-31391"
},
{
"db": "BID",
"id": "28439"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002828"
},
{
"db": "PACKETSTORM",
"id": "64867"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-144"
},
{
"db": "NVD",
"id": "CVE-2008-1266"
}
]
},
"id": "VAR-200803-0062",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"db": "VULHUB",
"id": "VHN-31391"
}
],
"trust": 1.2214285999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5921"
}
]
},
"last_update_date": "2025-04-10T20:57:05.632000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002828"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31391"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002828"
},
{
"db": "NVD",
"id": "CVE-2008-1266"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/28439"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29366"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41125"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1266"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1266"
},
{
"trust": 0.3,
"url": "http://www.d-link.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8028/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29366/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31391"
},
{
"db": "BID",
"id": "28439"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002828"
},
{
"db": "PACKETSTORM",
"id": "64867"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-144"
},
{
"db": "NVD",
"id": "CVE-2008-1266"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"db": "VULHUB",
"id": "VHN-31391"
},
{
"db": "BID",
"id": "28439"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002828"
},
{
"db": "PACKETSTORM",
"id": "64867"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-144"
},
{
"db": "NVD",
"id": "CVE-2008-1266"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"date": "2008-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-31391"
},
{
"date": "2008-03-25T00:00:00",
"db": "BID",
"id": "28439"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002828"
},
{
"date": "2008-03-26T00:09:25",
"db": "PACKETSTORM",
"id": "64867"
},
{
"date": "2008-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-144"
},
{
"date": "2008-03-10T17:44:00",
"db": "NVD",
"id": "CVE-2008-1266"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-31391"
},
{
"date": "2008-03-26T16:10:00",
"db": "BID",
"id": "28439"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002828"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-144"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-1266"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-144"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DI-524 On the router Web Interface buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002828"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-144"
}
],
"trust": 0.6
}
}
VAR-200607-0199
Vulnerability from variot - Updated: 2025-04-03 22:38Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. A buffer overflow vulnerability in the software that operates certain models of D-Link routers could allow a remote attacker to execute arbitrary code on the affected device. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment.
If an attacker can send an M-SEARCH request with an excessively long parameter (about 800 bytes) to the LAN interface of the vulnerable D-Link device, it will trigger a stack overflow and cause reliable execution of arbitrary instructions. The attack does not affect network connectivity and shows no signs. In some cases, a soft restart of the device may be required, resulting in a temporary loss of connectivity. D-Link wired and wireless routers are prone to a buffer-overflow vulnerability because these devices fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200607-0199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-524",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "di-624",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "di-784",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "ebr-2310 ethernet broadband router",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "wbr-1310 wireless g router",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "wbr-2310 rangebooster g router",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "wbr-1310 wireless g router",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": "di-784",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": "di-624",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "*"
},
{
"model": "ebr-2310 ethernet broadband router",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": "di-524",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "*"
},
{
"model": "wbr-2310 rangebooster g router",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": "di-604 broadband router",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "di-604",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "di-604 broadband router",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "wbr-2310 rev a",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "wbr-1310 rev a",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "ebr-2310 rev a",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-784 rev a",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-624 rev d",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-624 rev c",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-604 rev e",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-524 rev d",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-524 rev c",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-524 rev b2",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-524 rev b1",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-524 rev a",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#971705"
},
{
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"db": "BID",
"id": "19006"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:di-524",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:di-604",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:di-624",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:di-784",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:ebr-2310_ethernet_broadband_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:wbr-1310_wireless_g_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:wbr-2310_rangebooster_g_router",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barnaby Jack",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
}
],
"trust": 0.6
},
"cve": "CVE-2006-3687",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-3687",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-19795",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-3687",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#971705",
"trust": 0.8,
"value": "0.14"
},
{
"author": "NVD",
"id": "CVE-2006-3687",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200607-297",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-19795",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#971705"
},
{
"db": "VULHUB",
"id": "VHN-19795"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. A buffer overflow vulnerability in the software that operates certain models of D-Link routers could allow a remote attacker to execute arbitrary code on the affected device. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment. \n\n\u00a0If an attacker can send an M-SEARCH request with an excessively long parameter (about 800 bytes) to the LAN interface of the vulnerable D-Link device, it will trigger a stack overflow and cause reliable execution of arbitrary instructions. The attack does not affect network connectivity and shows no signs. In some cases, a soft restart of the device may be required, resulting in a temporary loss of connectivity. D-Link wired and wireless routers are prone to a buffer-overflow vulnerability because these devices fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R\u0026D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3687"
},
{
"db": "CERT/CC",
"id": "VU#971705"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"db": "BID",
"id": "19006"
},
{
"db": "VULHUB",
"id": "VHN-19795"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-19795",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19795"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#971705",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2006-3687",
"trust": 3.1
},
{
"db": "SECUNIA",
"id": "21081",
"trust": 2.5
},
{
"db": "BID",
"id": "19006",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2006-2829",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016511",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "27333",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200607-297",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2006-5380",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-81807",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "28230",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-19795",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#971705"
},
{
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"db": "VULHUB",
"id": "VHN-19795"
},
{
"db": "BID",
"id": "19006"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"id": "VAR-200607-0199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"db": "VULHUB",
"id": "VHN-19795"
}
],
"trust": 1.2214285999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-5380"
}
]
},
"last_update_date": "2025-04-03T22:38:54.529000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dlink.com"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.eeye.com/html/research/advisories/ad20060714.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19006"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/27333"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016511"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21081"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21081/"
},
{
"trust": 0.8,
"url": "http://support.dlink.com/products/view.asp?productid=di%2d524"
},
{
"trust": 0.8,
"url": "http://support.dlink.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3687"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3687"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
},
{
"trust": 0.3,
"url": "/archive/1/440298"
},
{
"trust": 0.3,
"url": "/archive/1/440852"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#971705"
},
{
"db": "VULHUB",
"id": "VHN-19795"
},
{
"db": "BID",
"id": "19006"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#971705"
},
{
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"db": "VULHUB",
"id": "VHN-19795"
},
{
"db": "BID",
"id": "19006"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-08-03T00:00:00",
"db": "CERT/CC",
"id": "VU#971705"
},
{
"date": "2006-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"date": "2006-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-19795"
},
{
"date": "2006-07-17T00:00:00",
"db": "BID",
"id": "19006"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"date": "2006-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"date": "2006-07-21T14:03:00",
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-01-23T00:00:00",
"db": "CERT/CC",
"id": "VU#971705"
},
{
"date": "2006-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"date": "2018-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-19795"
},
{
"date": "2006-07-24T18:02:00",
"db": "BID",
"id": "19006"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple D-Link routers fail to properly process UPnP M-SEARCH requests",
"sources": [
{
"db": "CERT/CC",
"id": "VU#971705"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
}
],
"trust": 0.6
}
}
VAR-200512-0918
Vulnerability from variot - Updated: 2025-04-03 22:10D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment.
D-Link's multiple wireless access routers have a denial of service vulnerability. Remote attackers may use this vulnerability to conduct denial of service attacks on devices.
If the attacker sends three consecutive fragmented UDP packets as follows, the device will restart:
The IP header of all messages must have the same Identification Number.
Message 1:
The MORE_FRAGMENTS flag must be set to 1 (IP_MF)
Debris offset = 0
The effective part size of the message is 8 bytes. Null bytes were used in the attack code.
Message 2:
Set the MORE_FRAGMENTS flag to 1 (0x2002)
Debris offset = 16
The valid part is 8 bytes long.
Message 3:
Set the MORE_FRAGMENTS flag to 0 (0x0003)
Debris offset = 24
The valid part is 8 bytes long.
Upon receiving the above message, the affected router will immediately terminate all current connections. DI-524 takes about 1 minute to restart to restore the connection, and DI-624 takes about 30 seconds to restart. This issue is due to a flaw in affected devices that causes them to fail when attempting to reassemble certain IP packets. D-Link DI-524, DI-624, and Di-784 devices are affected by this issue. Due to code reuse among routers, other devices may also be affected. It is reported that US Robotics USR8054 devices are also affected. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment.
TITLE: D-Link Wireless Access Point Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA18833
VERIFY ADVISORY: http://secunia.com/advisories/18833/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
OPERATING SYSTEM: D-Link DI-784 http://secunia.com/product/8029/ D-Link DI-624 http://secunia.com/product/3660/ D-Link DI-524 http://secunia.com/product/8028/
DESCRIPTION: Aaron Portnoy and Keefe Johnson has reported a vulnerability in D-Link Wireless Access Point, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the handling of fragmented UDP packets.
The vulnerability has been reported in the following products: * D-Link DI-524 Wireless Router (firmware version 3.20 August 18, 2005). * D-Link DI-624 Wireless Router. * D-Link DI-784.
SOLUTION: The vulnerability has reportedly been fixed in the latest firmware.
PROVIDED AND/OR DISCOVERED BY: Aaron Portnoy and Keefe Johnson
ORIGINAL ADVISORY: http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0918",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-524",
"scope": "eq",
"trust": 1.9,
"vendor": "d link",
"version": "3.20"
},
{
"model": "di-624",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "*"
},
{
"model": "di-784",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": "di-524",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "di-784",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "di-524",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "di-624",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "usr8054",
"scope": "eq",
"trust": 0.3,
"vendor": "u s robotics",
"version": "0"
},
{
"model": "di-784",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "di-624",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "di-524",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "di-614+",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.30"
},
{
"model": "di-614+",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.18"
},
{
"model": "di-614+",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.10"
},
{
"model": "di-614+ f",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.0"
},
{
"model": "di-614+ 3g",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.0"
},
{
"model": "di-614+",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.03"
},
{
"model": "di-614+",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.0"
},
{
"model": "di-604",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"db": "BID",
"id": "16621"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aaron Portnoy aportnoy@ccs.neu.edu",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
}
],
"trust": 0.6
},
"cve": "CVE-2005-4723",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2005-4723",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-15931",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-4723",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-848",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-15931",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15931"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment. \n\n\u00a0D-Link\u0027s multiple wireless access routers have a denial of service vulnerability. Remote attackers may use this vulnerability to conduct denial of service attacks on devices. \n\n\u00a0If the attacker sends three consecutive fragmented UDP packets as follows, the device will restart:\n\n\u00a0The IP header of all messages must have the same Identification Number. \n\n\u00a0Message 1:\n\n\u00a0The MORE_FRAGMENTS flag must be set to 1 (IP_MF)\n\n\u00a0Debris offset = 0\n\n\u00a0The effective part size of the message is 8 bytes. Null bytes were used in the attack code. \n\n\u00a0Message 2:\n\n\u00a0Set the MORE_FRAGMENTS flag to 1 (0x2002)\n\n\u00a0Debris offset = 16\n\n\u00a0The valid part is 8 bytes long. \n\n\u00a0Message 3:\n\n\u00a0Set the MORE_FRAGMENTS flag to 0 (0x0003)\n\n\u00a0Debris offset = 24\n\n\u00a0The valid part is 8 bytes long. \n\n\u00a0Upon receiving the above message, the affected router will immediately terminate all current connections. DI-524 takes about 1 minute to restart to restore the connection, and DI-624 takes about 30 seconds to restart. This issue is due to a flaw in affected devices that causes them to fail when attempting to reassemble certain IP packets. \nD-Link DI-524, DI-624, and Di-784 devices are affected by this issue. Due to code reuse among routers, other devices may also be affected. \nIt is reported that US Robotics USR8054 devices are also affected. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R\u0026D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. \n\nTITLE:\nD-Link Wireless Access Point Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA18833\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18833/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nD-Link DI-784\nhttp://secunia.com/product/8029/\nD-Link DI-624\nhttp://secunia.com/product/3660/\nD-Link DI-524\nhttp://secunia.com/product/8028/\n\nDESCRIPTION:\nAaron Portnoy and Keefe Johnson has reported a vulnerability in\nD-Link Wireless Access Point, which potentially can be exploited by\nmalicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an error in the handling of\nfragmented UDP packets. \n\nThe vulnerability has been reported in the following products:\n* D-Link DI-524 Wireless Router (firmware version 3.20 August 18,\n2005). \n* D-Link DI-624 Wireless Router. \n* D-Link DI-784. \n\nSOLUTION:\nThe vulnerability has reportedly been fixed in the latest firmware. \n\nPROVIDED AND/OR DISCOVERED BY:\nAaron Portnoy and Keefe Johnson\n\nORIGINAL ADVISORY:\nhttp://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4723"
},
{
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"db": "BID",
"id": "16621"
},
{
"db": "VULHUB",
"id": "VHN-15931"
},
{
"db": "PACKETSTORM",
"id": "43828"
}
],
"trust": 1.89
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-15931",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15931"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-4723",
"trust": 2.3
},
{
"db": "BID",
"id": "16621",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "18833",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2006-0563",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200512-848",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2006-0807",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "1496",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-15931",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "43828",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"db": "VULHUB",
"id": "VHN-15931"
},
{
"db": "BID",
"id": "16621"
},
{
"db": "PACKETSTORM",
"id": "43828"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"id": "VAR-200512-0918",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"db": "VULHUB",
"id": "VHN-15931"
}
],
"trust": 1.2214285999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0807"
}
]
},
"last_update_date": "2025-04-03T22:10:45.588000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/16621"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18833"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"trust": 0.3,
"url": "http://thunkers.net/~deft/advisories/dlink_udp_dos.txt"
},
{
"trust": 0.3,
"url": "http://www.usr.com/"
},
{
"trust": 0.3,
"url": "http://www.d-link.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8029/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8028/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18833/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3660/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15931"
},
{
"db": "BID",
"id": "16621"
},
{
"db": "PACKETSTORM",
"id": "43828"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"db": "VULHUB",
"id": "VHN-15931"
},
{
"db": "BID",
"id": "16621"
},
{
"db": "PACKETSTORM",
"id": "43828"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"date": "2005-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-15931"
},
{
"date": "2006-02-13T00:00:00",
"db": "BID",
"id": "16621"
},
{
"date": "2006-02-14T20:21:41",
"db": "PACKETSTORM",
"id": "43828"
},
{
"date": "2005-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-15931"
},
{
"date": "2006-02-14T18:53:00",
"db": "BID",
"id": "16621"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple D-Link Products IP Packet Reassembly Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0807"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
}
],
"trust": 0.6
}
}
VAR-201904-1005
Vulnerability from variot - Updated: 2024-11-23 22:06On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter. D-Link DI-524 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDI-524 is a wireless router from D-Link Corporation of Taiwan, China. A cross-site scripting vulnerability exists in the D-LinkDI-5242.06RU release, which stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-1005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-524",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.06ru"
},
{
"model": "di-524",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "2.06ru"
},
{
"model": "di-524 2.06ru",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-10325"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003503"
},
{
"db": "NVD",
"id": "CVE-2019-11017"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:di-524_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003503"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Semen Alexandrovich Lyhin",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-523"
}
],
"trust": 0.6
},
"cve": "CVE-2019-11017",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2019-11017",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-10325",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-142621",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2019-11017",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-11017",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11017",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-11017",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-10325",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-523",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-142621",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-10325"
},
{
"db": "VULHUB",
"id": "VHN-142621"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003503"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-523"
},
{
"db": "NVD",
"id": "CVE-2019-11017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter. D-Link DI-524 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDI-524 is a wireless router from D-Link Corporation of Taiwan, China. A cross-site scripting vulnerability exists in the D-LinkDI-5242.06RU release, which stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003503"
},
{
"db": "CNVD",
"id": "CNVD-2019-10325"
},
{
"db": "VULHUB",
"id": "VHN-142621"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11017",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "152465",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "46687",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003503",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-523",
"trust": 0.7
},
{
"db": "EXPLOITALERT",
"id": "32767",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-10325",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-142621",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-10325"
},
{
"db": "VULHUB",
"id": "VHN-142621"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003503"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-523"
},
{
"db": "NVD",
"id": "CVE-2019-11017"
}
]
},
"id": "VAR-201904-1005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-10325"
},
{
"db": "VULHUB",
"id": "VHN-142621"
}
],
"trust": 1.2214285999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-10325"
}
]
},
"last_update_date": "2024-11-23T22:06:16.740000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dlink.com"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003503"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142621"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003503"
},
{
"db": "NVD",
"id": "CVE-2019-11017"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "http://packetstormsecurity.com/files/152465/d-link-di-524-2.06ru-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/46687"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11017"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11017"
},
{
"trust": 0.6,
"url": "https://www.exploitalert.com/view-details.html?id=32767"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-10325"
},
{
"db": "VULHUB",
"id": "VHN-142621"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003503"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-523"
},
{
"db": "NVD",
"id": "CVE-2019-11017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-10325"
},
{
"db": "VULHUB",
"id": "VHN-142621"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003503"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-523"
},
{
"db": "NVD",
"id": "CVE-2019-11017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-10325"
},
{
"date": "2019-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-142621"
},
{
"date": "2019-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003503"
},
{
"date": "2019-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-523"
},
{
"date": "2019-04-18T18:29:00.640000",
"db": "NVD",
"id": "CVE-2019-11017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-10325"
},
{
"date": "2019-04-19T00:00:00",
"db": "VULHUB",
"id": "VHN-142621"
},
{
"date": "2019-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003503"
},
{
"date": "2019-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-523"
},
{
"date": "2024-11-21T04:20:22.150000",
"db": "NVD",
"id": "CVE-2019-11017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-523"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DI-524 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-10325"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-523"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-523"
}
],
"trust": 0.6
}
}
CVE-2008-1266 (GCVE-0-2008-1266)
Vulnerability from nvd – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "28439",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28439"
},
{
"name": "29366",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29366"
},
{
"name": "dlink-di524-interface-dos(41125)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "28439",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28439"
},
{
"name": "29366",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29366"
},
{
"name": "dlink-di524-interface-dos(41125)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "28439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28439"
},
{
"name": "29366",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29366"
},
{
"name": "dlink-di524-interface-dos(41125)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1266",
"datePublished": "2008-03-10T17:00:00",
"dateReserved": "2008-03-10T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3687 (GCVE-0-2006-3687)
Vulnerability from nvd – Published: 2006-07-18 21:00 – Updated: 2024-08-07 18:39
VLAI?
Summary
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060714.html"
},
{
"name": "21081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21081"
},
{
"name": "27333",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27333"
},
{
"name": "ADV-2006-2829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"name": "VU#971705",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"name": "19006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19006"
},
{
"name": "1016511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016511"
},
{
"name": "dlink-upnp-bo(27755)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060714.html"
},
{
"name": "21081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21081"
},
{
"name": "27333",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27333"
},
{
"name": "ADV-2006-2829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"name": "VU#971705",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"name": "19006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19006"
},
{
"name": "1016511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016511"
},
{
"name": "dlink-upnp-bo(27755)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"name": "http://www.eeye.com/html/research/advisories/AD20060714.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/research/advisories/AD20060714.html"
},
{
"name": "21081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21081"
},
{
"name": "27333",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27333"
},
{
"name": "ADV-2006-2829",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"name": "VU#971705",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"name": "19006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19006"
},
{
"name": "1016511",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016511"
},
{
"name": "dlink-upnp-bo(27755)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3687",
"datePublished": "2006-07-18T21:00:00",
"dateReserved": "2006-07-18T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4723 (GCVE-0-2005-4723)
Vulnerability from nvd – Published: 2006-02-15 11:00 – Updated: 2024-08-07 23:53
VLAI?
Summary
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:29.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060210 [thunkers.net] D-Link Fragmented UDP DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"name": "ADV-2006-0563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"name": "dlink-udp-fragment-dos(24631)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"name": "16621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16621"
},
{
"name": "18833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060210 [thunkers.net] D-Link Fragmented UDP DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"name": "ADV-2006-0563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"name": "dlink-udp-fragment-dos(24631)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"name": "16621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16621"
},
{
"name": "18833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060210 [thunkers.net] D-Link Fragmented UDP DoS Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"name": "ADV-2006-0563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"name": "dlink-udp-fragment-dos(24631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"name": "16621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16621"
},
{
"name": "18833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18833"
},
{
"name": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt",
"refsource": "MISC",
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4723",
"datePublished": "2006-02-15T11:00:00",
"dateReserved": "2006-02-15T00:00:00",
"dateUpdated": "2024-08-07T23:53:29.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1266 (GCVE-0-2008-1266)
Vulnerability from cvelistv5 – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "28439",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28439"
},
{
"name": "29366",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29366"
},
{
"name": "dlink-di524-interface-dos(41125)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "28439",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28439"
},
{
"name": "29366",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29366"
},
{
"name": "dlink-di524-interface-dos(41125)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "28439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28439"
},
{
"name": "29366",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29366"
},
{
"name": "dlink-di524-interface-dos(41125)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1266",
"datePublished": "2008-03-10T17:00:00",
"dateReserved": "2008-03-10T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3687 (GCVE-0-2006-3687)
Vulnerability from cvelistv5 – Published: 2006-07-18 21:00 – Updated: 2024-08-07 18:39
VLAI?
Summary
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060714.html"
},
{
"name": "21081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21081"
},
{
"name": "27333",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27333"
},
{
"name": "ADV-2006-2829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"name": "VU#971705",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"name": "19006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19006"
},
{
"name": "1016511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016511"
},
{
"name": "dlink-upnp-bo(27755)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060714.html"
},
{
"name": "21081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21081"
},
{
"name": "27333",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27333"
},
{
"name": "ADV-2006-2829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"name": "VU#971705",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"name": "19006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19006"
},
{
"name": "1016511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016511"
},
{
"name": "dlink-upnp-bo(27755)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"name": "http://www.eeye.com/html/research/advisories/AD20060714.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/research/advisories/AD20060714.html"
},
{
"name": "21081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21081"
},
{
"name": "27333",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27333"
},
{
"name": "ADV-2006-2829",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"name": "VU#971705",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"name": "19006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19006"
},
{
"name": "1016511",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016511"
},
{
"name": "dlink-upnp-bo(27755)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3687",
"datePublished": "2006-07-18T21:00:00",
"dateReserved": "2006-07-18T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4723 (GCVE-0-2005-4723)
Vulnerability from cvelistv5 – Published: 2006-02-15 11:00 – Updated: 2024-08-07 23:53
VLAI?
Summary
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:29.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060210 [thunkers.net] D-Link Fragmented UDP DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"name": "ADV-2006-0563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"name": "dlink-udp-fragment-dos(24631)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"name": "16621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16621"
},
{
"name": "18833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060210 [thunkers.net] D-Link Fragmented UDP DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"name": "ADV-2006-0563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"name": "dlink-udp-fragment-dos(24631)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"name": "16621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16621"
},
{
"name": "18833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060210 [thunkers.net] D-Link Fragmented UDP DoS Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"name": "ADV-2006-0563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"name": "dlink-udp-fragment-dos(24631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"name": "16621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16621"
},
{
"name": "18833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18833"
},
{
"name": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt",
"refsource": "MISC",
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4723",
"datePublished": "2006-02-15T11:00:00",
"dateReserved": "2006-02-15T00:00:00",
"dateUpdated": "2024-08-07T23:53:29.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}