Search criteria
9 vulnerabilities found for di-624 by dlink
VAR-200607-0199
Vulnerability from variot - Updated: 2025-04-03 22:38Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. A buffer overflow vulnerability in the software that operates certain models of D-Link routers could allow a remote attacker to execute arbitrary code on the affected device. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment.
If an attacker can send an M-SEARCH request with an excessively long parameter (about 800 bytes) to the LAN interface of the vulnerable D-Link device, it will trigger a stack overflow and cause reliable execution of arbitrary instructions. The attack does not affect network connectivity and shows no signs. In some cases, a soft restart of the device may be required, resulting in a temporary loss of connectivity. D-Link wired and wireless routers are prone to a buffer-overflow vulnerability because these devices fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200607-0199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-524",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "di-624",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "di-784",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "ebr-2310 ethernet broadband router",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "wbr-1310 wireless g router",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "wbr-2310 rangebooster g router",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "wbr-1310 wireless g router",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": "di-784",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": "di-624",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "*"
},
{
"model": "ebr-2310 ethernet broadband router",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": "di-524",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "*"
},
{
"model": "wbr-2310 rangebooster g router",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": "di-604 broadband router",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "di-604",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "di-604 broadband router",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "wbr-2310 rev a",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "wbr-1310 rev a",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "ebr-2310 rev a",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-784 rev a",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-624 rev d",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-624 rev c",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-604 rev e",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-524 rev d",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-524 rev c",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-524 rev b2",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-524 rev b1",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-524 rev a",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#971705"
},
{
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"db": "BID",
"id": "19006"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:di-524",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:di-604",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:di-624",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:di-784",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:ebr-2310_ethernet_broadband_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:wbr-1310_wireless_g_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:wbr-2310_rangebooster_g_router",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barnaby Jack",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
}
],
"trust": 0.6
},
"cve": "CVE-2006-3687",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-3687",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-19795",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-3687",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#971705",
"trust": 0.8,
"value": "0.14"
},
{
"author": "NVD",
"id": "CVE-2006-3687",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200607-297",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-19795",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#971705"
},
{
"db": "VULHUB",
"id": "VHN-19795"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. A buffer overflow vulnerability in the software that operates certain models of D-Link routers could allow a remote attacker to execute arbitrary code on the affected device. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment. \n\n\u00a0If an attacker can send an M-SEARCH request with an excessively long parameter (about 800 bytes) to the LAN interface of the vulnerable D-Link device, it will trigger a stack overflow and cause reliable execution of arbitrary instructions. The attack does not affect network connectivity and shows no signs. In some cases, a soft restart of the device may be required, resulting in a temporary loss of connectivity. D-Link wired and wireless routers are prone to a buffer-overflow vulnerability because these devices fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R\u0026D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3687"
},
{
"db": "CERT/CC",
"id": "VU#971705"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"db": "BID",
"id": "19006"
},
{
"db": "VULHUB",
"id": "VHN-19795"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-19795",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19795"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#971705",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2006-3687",
"trust": 3.1
},
{
"db": "SECUNIA",
"id": "21081",
"trust": 2.5
},
{
"db": "BID",
"id": "19006",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2006-2829",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016511",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "27333",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200607-297",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2006-5380",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-81807",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "28230",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-19795",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#971705"
},
{
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"db": "VULHUB",
"id": "VHN-19795"
},
{
"db": "BID",
"id": "19006"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"id": "VAR-200607-0199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"db": "VULHUB",
"id": "VHN-19795"
}
],
"trust": 1.2214285999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-5380"
}
]
},
"last_update_date": "2025-04-03T22:38:54.529000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dlink.com"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.eeye.com/html/research/advisories/ad20060714.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19006"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/27333"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016511"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21081"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21081/"
},
{
"trust": 0.8,
"url": "http://support.dlink.com/products/view.asp?productid=di%2d524"
},
{
"trust": 0.8,
"url": "http://support.dlink.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3687"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3687"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
},
{
"trust": 0.3,
"url": "/archive/1/440298"
},
{
"trust": 0.3,
"url": "/archive/1/440852"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#971705"
},
{
"db": "VULHUB",
"id": "VHN-19795"
},
{
"db": "BID",
"id": "19006"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#971705"
},
{
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"db": "VULHUB",
"id": "VHN-19795"
},
{
"db": "BID",
"id": "19006"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-08-03T00:00:00",
"db": "CERT/CC",
"id": "VU#971705"
},
{
"date": "2006-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"date": "2006-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-19795"
},
{
"date": "2006-07-17T00:00:00",
"db": "BID",
"id": "19006"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"date": "2006-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"date": "2006-07-21T14:03:00",
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-01-23T00:00:00",
"db": "CERT/CC",
"id": "VU#971705"
},
{
"date": "2006-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-5380"
},
{
"date": "2018-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-19795"
},
{
"date": "2006-07-24T18:02:00",
"db": "BID",
"id": "19006"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002812"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-297"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-3687"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple D-Link routers fail to properly process UPnP M-SEARCH requests",
"sources": [
{
"db": "CERT/CC",
"id": "VU#971705"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-297"
}
],
"trust": 0.6
}
}
VAR-200412-0052
Vulnerability from variot - Updated: 2025-04-03 22:26Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. It is reported that the DI-614+, DI-704, and the DI-624 are susceptible to an HTML injection vulnerability in their DHCP log. An attacker who has access to the wireless, or internal network segments of the router can craft malicious DHCP hostnames, that when sent to the router, will be logged for later viewing by the administrator of the device. The injected HTML can be used to cause the administrator to make unintended changes to the configuration of the router. Other attacks may be possible. Although only the DI-614+, DI-704, and the DI-624 are reported vulnerable, code reuse across devices is common and other products may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0052",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-614\\+",
"scope": "eq",
"trust": 1.6,
"vendor": "d link",
"version": "2.30"
},
{
"model": "di-704p",
"scope": "eq",
"trust": 1.6,
"vendor": "d link",
"version": "2.60b2"
},
{
"model": "di-624",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.28"
},
{
"model": "di-624",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.28"
},
{
"model": "dl-704 b2",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.60"
},
{
"model": "dl-704 b6",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.56"
},
{
"model": "dl-704 b5",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.56"
},
{
"model": "di-624 soho router",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "1.28"
},
{
"model": "di-614+",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.18"
},
{
"model": "di-614+",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.10"
},
{
"model": "di-614+ f",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.0"
},
{
"model": "di-614+ 3g",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.0"
},
{
"model": "di-614+",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.03"
},
{
"model": "di-614+",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "10587"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-032"
},
{
"db": "NVD",
"id": "CVE-2004-0615"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "c3rb3r",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-032"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0615",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2004-0615",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-9045",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-0615",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-032",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-9045",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9045"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-032"
},
{
"db": "NVD",
"id": "CVE-2004-0615"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. It is reported that the DI-614+, DI-704, and the DI-624 are susceptible to an HTML injection vulnerability in their DHCP log. \nAn attacker who has access to the wireless, or internal network segments of the router can craft malicious DHCP hostnames, that when sent to the router, will be logged for later viewing by the administrator of the device. \nThe injected HTML can be used to cause the administrator to make unintended changes to the configuration of the router. Other attacks may be possible. \nAlthough only the DI-614+, DI-704, and the DI-624 are reported vulnerable, code reuse across devices is common and other products may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0615"
},
{
"db": "BID",
"id": "10587"
},
{
"db": "VULHUB",
"id": "VHN-9045"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-9045",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9045"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "10587",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "11919",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1010562",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "7211",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2004-0615",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-032",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-77959",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "24226",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-9045",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9045"
},
{
"db": "BID",
"id": "10587"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-032"
},
{
"db": "NVD",
"id": "CVE-2004-0615"
}
]
},
"id": "VAR-200412-0052",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9045"
}
],
"trust": 0.53333334
},
"last_update_date": "2025-04-03T22:26:17.919000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "A variety of D-Link products Vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=234979"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-032"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0615"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/10587"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-07/0014.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/7211"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1010562"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/11919"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16468"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=108786257609932\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=108797273127182\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.d-link.com/"
},
{
"trust": 0.3,
"url": "/archive/1/366615"
},
{
"trust": 0.3,
"url": "/archive/1/367855"
},
{
"trust": 0.3,
"url": "/archive/1/366826"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108786257609932\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108797273127182\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9045"
},
{
"db": "BID",
"id": "10587"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-032"
},
{
"db": "NVD",
"id": "CVE-2004-0615"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-9045"
},
{
"db": "BID",
"id": "10587"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-032"
},
{
"db": "NVD",
"id": "CVE-2004-0615"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-9045"
},
{
"date": "2004-06-21T00:00:00",
"db": "BID",
"id": "10587"
},
{
"date": "2004-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-032"
},
{
"date": "2004-12-06T05:00:00",
"db": "NVD",
"id": "CVE-2004-0615"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9045"
},
{
"date": "2004-06-21T00:00:00",
"db": "BID",
"id": "10587"
},
{
"date": "2023-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-032"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-0615"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-032"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple D-Link products Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-032"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-032"
}
],
"trust": 0.6
}
}
VAR-200512-0918
Vulnerability from variot - Updated: 2025-04-03 22:10D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment.
D-Link's multiple wireless access routers have a denial of service vulnerability. Remote attackers may use this vulnerability to conduct denial of service attacks on devices.
If the attacker sends three consecutive fragmented UDP packets as follows, the device will restart:
The IP header of all messages must have the same Identification Number.
Message 1:
The MORE_FRAGMENTS flag must be set to 1 (IP_MF)
Debris offset = 0
The effective part size of the message is 8 bytes. Null bytes were used in the attack code.
Message 2:
Set the MORE_FRAGMENTS flag to 1 (0x2002)
Debris offset = 16
The valid part is 8 bytes long.
Message 3:
Set the MORE_FRAGMENTS flag to 0 (0x0003)
Debris offset = 24
The valid part is 8 bytes long.
Upon receiving the above message, the affected router will immediately terminate all current connections. DI-524 takes about 1 minute to restart to restore the connection, and DI-624 takes about 30 seconds to restart. This issue is due to a flaw in affected devices that causes them to fail when attempting to reassemble certain IP packets. D-Link DI-524, DI-624, and Di-784 devices are affected by this issue. Due to code reuse among routers, other devices may also be affected. It is reported that US Robotics USR8054 devices are also affected. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment.
TITLE: D-Link Wireless Access Point Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA18833
VERIFY ADVISORY: http://secunia.com/advisories/18833/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
OPERATING SYSTEM: D-Link DI-784 http://secunia.com/product/8029/ D-Link DI-624 http://secunia.com/product/3660/ D-Link DI-524 http://secunia.com/product/8028/
DESCRIPTION: Aaron Portnoy and Keefe Johnson has reported a vulnerability in D-Link Wireless Access Point, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the handling of fragmented UDP packets.
The vulnerability has been reported in the following products: * D-Link DI-524 Wireless Router (firmware version 3.20 August 18, 2005). * D-Link DI-624 Wireless Router. * D-Link DI-784.
SOLUTION: The vulnerability has reportedly been fixed in the latest firmware.
PROVIDED AND/OR DISCOVERED BY: Aaron Portnoy and Keefe Johnson
ORIGINAL ADVISORY: http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0918",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-524",
"scope": "eq",
"trust": 1.9,
"vendor": "d link",
"version": "3.20"
},
{
"model": "di-624",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "*"
},
{
"model": "di-784",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": "di-524",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "di-784",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "di-524",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "di-624",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "usr8054",
"scope": "eq",
"trust": 0.3,
"vendor": "u s robotics",
"version": "0"
},
{
"model": "di-784",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "di-624",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "di-524",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "di-614+",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.30"
},
{
"model": "di-614+",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.18"
},
{
"model": "di-614+",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.10"
},
{
"model": "di-614+ f",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.0"
},
{
"model": "di-614+ 3g",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.0"
},
{
"model": "di-614+",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.03"
},
{
"model": "di-614+",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.0"
},
{
"model": "di-604",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"db": "BID",
"id": "16621"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aaron Portnoy aportnoy@ccs.neu.edu",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
}
],
"trust": 0.6
},
"cve": "CVE-2005-4723",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2005-4723",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-15931",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-4723",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-848",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-15931",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15931"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment. \n\n\u00a0D-Link\u0027s multiple wireless access routers have a denial of service vulnerability. Remote attackers may use this vulnerability to conduct denial of service attacks on devices. \n\n\u00a0If the attacker sends three consecutive fragmented UDP packets as follows, the device will restart:\n\n\u00a0The IP header of all messages must have the same Identification Number. \n\n\u00a0Message 1:\n\n\u00a0The MORE_FRAGMENTS flag must be set to 1 (IP_MF)\n\n\u00a0Debris offset = 0\n\n\u00a0The effective part size of the message is 8 bytes. Null bytes were used in the attack code. \n\n\u00a0Message 2:\n\n\u00a0Set the MORE_FRAGMENTS flag to 1 (0x2002)\n\n\u00a0Debris offset = 16\n\n\u00a0The valid part is 8 bytes long. \n\n\u00a0Message 3:\n\n\u00a0Set the MORE_FRAGMENTS flag to 0 (0x0003)\n\n\u00a0Debris offset = 24\n\n\u00a0The valid part is 8 bytes long. \n\n\u00a0Upon receiving the above message, the affected router will immediately terminate all current connections. DI-524 takes about 1 minute to restart to restore the connection, and DI-624 takes about 30 seconds to restart. This issue is due to a flaw in affected devices that causes them to fail when attempting to reassemble certain IP packets. \nD-Link DI-524, DI-624, and Di-784 devices are affected by this issue. Due to code reuse among routers, other devices may also be affected. \nIt is reported that US Robotics USR8054 devices are also affected. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R\u0026D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. \n\nTITLE:\nD-Link Wireless Access Point Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA18833\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18833/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nD-Link DI-784\nhttp://secunia.com/product/8029/\nD-Link DI-624\nhttp://secunia.com/product/3660/\nD-Link DI-524\nhttp://secunia.com/product/8028/\n\nDESCRIPTION:\nAaron Portnoy and Keefe Johnson has reported a vulnerability in\nD-Link Wireless Access Point, which potentially can be exploited by\nmalicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an error in the handling of\nfragmented UDP packets. \n\nThe vulnerability has been reported in the following products:\n* D-Link DI-524 Wireless Router (firmware version 3.20 August 18,\n2005). \n* D-Link DI-624 Wireless Router. \n* D-Link DI-784. \n\nSOLUTION:\nThe vulnerability has reportedly been fixed in the latest firmware. \n\nPROVIDED AND/OR DISCOVERED BY:\nAaron Portnoy and Keefe Johnson\n\nORIGINAL ADVISORY:\nhttp://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4723"
},
{
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"db": "BID",
"id": "16621"
},
{
"db": "VULHUB",
"id": "VHN-15931"
},
{
"db": "PACKETSTORM",
"id": "43828"
}
],
"trust": 1.89
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-15931",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15931"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-4723",
"trust": 2.3
},
{
"db": "BID",
"id": "16621",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "18833",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2006-0563",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200512-848",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2006-0807",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "1496",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-15931",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "43828",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"db": "VULHUB",
"id": "VHN-15931"
},
{
"db": "BID",
"id": "16621"
},
{
"db": "PACKETSTORM",
"id": "43828"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"id": "VAR-200512-0918",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"db": "VULHUB",
"id": "VHN-15931"
}
],
"trust": 1.2214285999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0807"
}
]
},
"last_update_date": "2025-04-03T22:10:45.588000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/16621"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18833"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"trust": 0.3,
"url": "http://thunkers.net/~deft/advisories/dlink_udp_dos.txt"
},
{
"trust": 0.3,
"url": "http://www.usr.com/"
},
{
"trust": 0.3,
"url": "http://www.d-link.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8029/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8028/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18833/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3660/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15931"
},
{
"db": "BID",
"id": "16621"
},
{
"db": "PACKETSTORM",
"id": "43828"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"db": "VULHUB",
"id": "VHN-15931"
},
{
"db": "BID",
"id": "16621"
},
{
"db": "PACKETSTORM",
"id": "43828"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"date": "2005-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-15931"
},
{
"date": "2006-02-13T00:00:00",
"db": "BID",
"id": "16621"
},
{
"date": "2006-02-14T20:21:41",
"db": "PACKETSTORM",
"id": "43828"
},
{
"date": "2005-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-0807"
},
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-15931"
},
{
"date": "2006-02-14T18:53:00",
"db": "BID",
"id": "16621"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-848"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-4723"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple D-Link Products IP Packet Reassembly Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0807"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-848"
}
],
"trust": 0.6
}
}
CVE-2006-3687 (GCVE-0-2006-3687)
Vulnerability from nvd – Published: 2006-07-18 21:00 – Updated: 2024-08-07 18:39
VLAI?
Summary
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060714.html"
},
{
"name": "21081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21081"
},
{
"name": "27333",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27333"
},
{
"name": "ADV-2006-2829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"name": "VU#971705",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"name": "19006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19006"
},
{
"name": "1016511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016511"
},
{
"name": "dlink-upnp-bo(27755)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060714.html"
},
{
"name": "21081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21081"
},
{
"name": "27333",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27333"
},
{
"name": "ADV-2006-2829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"name": "VU#971705",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"name": "19006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19006"
},
{
"name": "1016511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016511"
},
{
"name": "dlink-upnp-bo(27755)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"name": "http://www.eeye.com/html/research/advisories/AD20060714.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/research/advisories/AD20060714.html"
},
{
"name": "21081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21081"
},
{
"name": "27333",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27333"
},
{
"name": "ADV-2006-2829",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"name": "VU#971705",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"name": "19006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19006"
},
{
"name": "1016511",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016511"
},
{
"name": "dlink-upnp-bo(27755)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3687",
"datePublished": "2006-07-18T21:00:00",
"dateReserved": "2006-07-18T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4723 (GCVE-0-2005-4723)
Vulnerability from nvd – Published: 2006-02-15 11:00 – Updated: 2024-08-07 23:53
VLAI?
Summary
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:29.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060210 [thunkers.net] D-Link Fragmented UDP DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"name": "ADV-2006-0563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"name": "dlink-udp-fragment-dos(24631)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"name": "16621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16621"
},
{
"name": "18833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060210 [thunkers.net] D-Link Fragmented UDP DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"name": "ADV-2006-0563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"name": "dlink-udp-fragment-dos(24631)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"name": "16621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16621"
},
{
"name": "18833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060210 [thunkers.net] D-Link Fragmented UDP DoS Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"name": "ADV-2006-0563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"name": "dlink-udp-fragment-dos(24631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"name": "16621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16621"
},
{
"name": "18833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18833"
},
{
"name": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt",
"refsource": "MISC",
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4723",
"datePublished": "2006-02-15T11:00:00",
"dateReserved": "2006-02-15T00:00:00",
"dateUpdated": "2024-08-07T23:53:29.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0615 (GCVE-0-2004-0615)
Vulnerability from nvd – Published: 2004-06-30 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10587",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10587"
},
{
"name": "11919",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11919"
},
{
"name": "7211",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7211"
},
{
"name": "20040621 DLINK 614+, script injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108786257609932\u0026w=2"
},
{
"name": "dlink614-dhcp-xss(16468)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16468"
},
{
"name": "20040621 DLINK 704, script injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108797273127182\u0026w=2"
},
{
"name": "20040701 DLINK 624, script injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-07/0014.html"
},
{
"name": "1010562",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010562"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10587",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10587"
},
{
"name": "11919",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11919"
},
{
"name": "7211",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7211"
},
{
"name": "20040621 DLINK 614+, script injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108786257609932\u0026w=2"
},
{
"name": "dlink614-dhcp-xss(16468)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16468"
},
{
"name": "20040621 DLINK 704, script injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108797273127182\u0026w=2"
},
{
"name": "20040701 DLINK 624, script injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-07/0014.html"
},
{
"name": "1010562",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010562"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10587"
},
{
"name": "11919",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11919"
},
{
"name": "7211",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7211"
},
{
"name": "20040621 DLINK 614+, script injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108786257609932\u0026w=2"
},
{
"name": "dlink614-dhcp-xss(16468)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16468"
},
{
"name": "20040621 DLINK 704, script injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108797273127182\u0026w=2"
},
{
"name": "20040701 DLINK 624, script injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-07/0014.html"
},
{
"name": "1010562",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010562"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0615",
"datePublished": "2004-06-30T04:00:00",
"dateReserved": "2004-06-29T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3687 (GCVE-0-2006-3687)
Vulnerability from cvelistv5 – Published: 2006-07-18 21:00 – Updated: 2024-08-07 18:39
VLAI?
Summary
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060714.html"
},
{
"name": "21081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21081"
},
{
"name": "27333",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27333"
},
{
"name": "ADV-2006-2829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"name": "VU#971705",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"name": "19006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19006"
},
{
"name": "1016511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016511"
},
{
"name": "dlink-upnp-bo(27755)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060714.html"
},
{
"name": "21081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21081"
},
{
"name": "27333",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27333"
},
{
"name": "ADV-2006-2829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"name": "VU#971705",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"name": "19006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19006"
},
{
"name": "1016511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016511"
},
{
"name": "dlink-upnp-bo(27755)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"
},
{
"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"
},
{
"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"
},
{
"name": "http://www.eeye.com/html/research/advisories/AD20060714.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/research/advisories/AD20060714.html"
},
{
"name": "21081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21081"
},
{
"name": "27333",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27333"
},
{
"name": "ADV-2006-2829",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2829"
},
{
"name": "VU#971705",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/971705"
},
{
"name": "19006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19006"
},
{
"name": "1016511",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016511"
},
{
"name": "dlink-upnp-bo(27755)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3687",
"datePublished": "2006-07-18T21:00:00",
"dateReserved": "2006-07-18T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4723 (GCVE-0-2005-4723)
Vulnerability from cvelistv5 – Published: 2006-02-15 11:00 – Updated: 2024-08-07 23:53
VLAI?
Summary
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:29.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060210 [thunkers.net] D-Link Fragmented UDP DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"name": "ADV-2006-0563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"name": "dlink-udp-fragment-dos(24631)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"name": "16621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16621"
},
{
"name": "18833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060210 [thunkers.net] D-Link Fragmented UDP DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"name": "ADV-2006-0563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"name": "dlink-udp-fragment-dos(24631)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"name": "16621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16621"
},
{
"name": "18833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060210 [thunkers.net] D-Link Fragmented UDP DoS Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0188.html"
},
{
"name": "ADV-2006-0563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0563"
},
{
"name": "dlink-udp-fragment-dos(24631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24631"
},
{
"name": "16621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16621"
},
{
"name": "18833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18833"
},
{
"name": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt",
"refsource": "MISC",
"url": "http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4723",
"datePublished": "2006-02-15T11:00:00",
"dateReserved": "2006-02-15T00:00:00",
"dateUpdated": "2024-08-07T23:53:29.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0615 (GCVE-0-2004-0615)
Vulnerability from cvelistv5 – Published: 2004-06-30 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10587",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10587"
},
{
"name": "11919",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11919"
},
{
"name": "7211",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7211"
},
{
"name": "20040621 DLINK 614+, script injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108786257609932\u0026w=2"
},
{
"name": "dlink614-dhcp-xss(16468)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16468"
},
{
"name": "20040621 DLINK 704, script injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108797273127182\u0026w=2"
},
{
"name": "20040701 DLINK 624, script injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-07/0014.html"
},
{
"name": "1010562",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010562"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10587",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10587"
},
{
"name": "11919",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11919"
},
{
"name": "7211",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7211"
},
{
"name": "20040621 DLINK 614+, script injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108786257609932\u0026w=2"
},
{
"name": "dlink614-dhcp-xss(16468)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16468"
},
{
"name": "20040621 DLINK 704, script injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108797273127182\u0026w=2"
},
{
"name": "20040701 DLINK 624, script injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-07/0014.html"
},
{
"name": "1010562",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010562"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10587"
},
{
"name": "11919",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11919"
},
{
"name": "7211",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7211"
},
{
"name": "20040621 DLINK 614+, script injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108786257609932\u0026w=2"
},
{
"name": "dlink614-dhcp-xss(16468)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16468"
},
{
"name": "20040621 DLINK 704, script injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108797273127182\u0026w=2"
},
{
"name": "20040701 DLINK 624, script injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-07/0014.html"
},
{
"name": "1010562",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010562"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0615",
"datePublished": "2004-06-30T04:00:00",
"dateReserved": "2004-06-29T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}