VAR-200408-0030
Vulnerability from variot - Updated: 2025-04-03 22:33Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. D-Link AirPlus DI-614 + and DI-604 are SOHO broadband routers.
D-Link AirPlus DI-614 + and DI-604 do not properly handle a large number of DHCP requests. Remote attackers can use this vulnerability to conduct denial of service attacks on devices.
Sending a large number of legitimate DHCP requests can cause the device to consume a lot of memory and needs to be restarted for normal service. An attacker may be able to deny service to legitimate users of an affected device by repeatedly causing the device to reboot. The DI-614+ with firmware revision 2.30, and the DI-604 with unknown firmware were reported vulnerable. The DI-624 Revision B was also confirmed susceptible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200408-0030",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-614\\+",
"scope": "eq",
"trust": 1.6,
"vendor": "d link",
"version": "2.30"
},
{
"model": "di-624",
"scope": "eq",
"trust": 1.6,
"vendor": "d link",
"version": "1.28"
},
{
"model": null,
"scope": null,
"trust": 1.2,
"vendor": "none",
"version": null
},
{
"model": "di-604",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": "di-604",
"scope": null,
"trust": 0.9,
"vendor": "d link",
"version": null
},
{
"model": "di-624 soho router",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "1.28"
},
{
"model": "di-614+",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.30"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1818"
},
{
"db": "CNVD",
"id": "CNVD-2004-1817"
},
{
"db": "BID",
"id": "10621"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-110"
},
{
"db": "NVD",
"id": "CVE-2004-0661"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gregory Duchemin\u203b c3rb3r@hotmail.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-110"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0661",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-0661",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-9091",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-0661",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200408-110",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-9091",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9091"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-110"
},
{
"db": "NVD",
"id": "CVE-2004-0661"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. D-Link AirPlus DI-614 + and DI-604 are SOHO broadband routers. \n\n\u00a0D-Link AirPlus DI-614 + and DI-604 do not properly handle a large number of DHCP requests. Remote attackers can use this vulnerability to conduct denial of service attacks on devices. \n\n\u00a0Sending a large number of legitimate DHCP requests can cause the device to consume a lot of memory and needs to be restarted for normal service. \nAn attacker may be able to deny service to legitimate users of an affected device by repeatedly causing the device to reboot. \nThe DI-614+ with firmware revision 2.30, and the DI-604 with unknown firmware were reported vulnerable. The DI-624 Revision B was also confirmed susceptible",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0661"
},
{
"db": "CNVD",
"id": "CNVD-2004-1818"
},
{
"db": "CNVD",
"id": "CNVD-2004-1817"
},
{
"db": "BID",
"id": "10621"
},
{
"db": "VULHUB",
"id": "VHN-9091"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0661",
"trust": 2.6
},
{
"db": "BID",
"id": "10621",
"trust": 2.6
},
{
"db": "OSVDB",
"id": "7294",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "12018",
"trust": 1.7
},
{
"db": "XF",
"id": "16531",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-200408-110",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2004-1818",
"trust": 0.6
},
{
"db": "CNCVE",
"id": "CNCVE-20040661",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2004-1817",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040629 RE: DLINK 614+ - SOHO ROUTERS, SYSTEM DOS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040628 DLINK 614+ - SOHO ROUTERS, DHCP SERVICE DOS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-9091",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1818"
},
{
"db": "CNVD",
"id": "CNVD-2004-1817"
},
{
"db": "VULHUB",
"id": "VHN-9091"
},
{
"db": "BID",
"id": "10621"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-110"
},
{
"db": "NVD",
"id": "CVE-2004-0661"
}
]
},
"id": "VAR-200408-0030",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1818"
},
{
"db": "CNVD",
"id": "CNVD-2004-1817"
},
{
"db": "VULHUB",
"id": "VHN-9091"
}
],
"trust": 0.13
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1818"
},
{
"db": "CNVD",
"id": "CNVD-2004-1817"
}
]
},
"last_update_date": "2025-04-03T22:33:10.025000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0661"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/10621"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/367485"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/7294"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/12018"
},
{
"trust": 1.2,
"url": "http://xforce.iss.net/xforce/xfdb/16531"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16531"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=108844250013785\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108844250013785\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.d-link.com/"
},
{
"trust": 0.3,
"url": "/archive/1/367294"
},
{
"trust": 0.3,
"url": "/archive/1/367485"
},
{
"trust": 0.3,
"url": "/archive/1/367889"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108844250013785\u0026amp;w=2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1817"
},
{
"db": "VULHUB",
"id": "VHN-9091"
},
{
"db": "BID",
"id": "10621"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-110"
},
{
"db": "NVD",
"id": "CVE-2004-0661"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2004-1818"
},
{
"db": "CNVD",
"id": "CNVD-2004-1817"
},
{
"db": "VULHUB",
"id": "VHN-9091"
},
{
"db": "BID",
"id": "10621"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-110"
},
{
"db": "NVD",
"id": "CVE-2004-0661"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-1818"
},
{
"date": "2004-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-1817"
},
{
"date": "2004-08-06T00:00:00",
"db": "VULHUB",
"id": "VHN-9091"
},
{
"date": "2004-06-27T00:00:00",
"db": "BID",
"id": "10621"
},
{
"date": "2004-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-110"
},
{
"date": "2004-08-06T04:00:00",
"db": "NVD",
"id": "CVE-2004-0661"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-1818"
},
{
"date": "2004-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-1817"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9091"
},
{
"date": "2009-07-12T05:16:00",
"db": "BID",
"id": "10621"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-110"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-0661"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-110"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link AirPlus DI-614 + and DI-604 DHCP Server Flood Attack Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1818"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-110"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…