CVE-2016-1559 - OpenCVE

D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
D-link	Dap-2553 H\/w A1 Firmware Dap-1353 H\/w B1 Firmware Dap-3520 H\/w A1 Firmware
Dlink	Dap-3520 H\/w A1 Dap-1353 H\/w B1 Dap-2553 H\/w A1

Configuration 1 [-]

AND

cpe:2.3:o:d-link:dap-1353_h\/w_b1_firmware:3.15:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-1353_h\/w_b1:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:d-link:dap-2553_h\/w_a1_firmware:1.31:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-2553_h\/w_a1:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:d-link:dap-3520_h\/w_a1_firmware:1.16:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-3520_h\/w_a1:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html	Broken Link Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2016/Feb/112	Mailing List Third Party Advisory
http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2017-04-21T15:00:00

Updated: 2017-04-21T14:57:01

Reserved: 2016-01-07T00:00:00

Link: CVE-2016-1559

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-04-21T15:59:00.490

Modified: 2023-04-26T18:55:30.893

Link: CVE-2016-1559

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-24T00:00:00", "descriptions": [{"lang": "en", "value": "D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-21T14:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"}, {"name": "20160225 D-Link, Netgear Router Vulnerabiltiies", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Feb/112"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-1559", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559", "refsource": "CONFIRM", "url": "http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559"}, {"name": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"}, {"name": "20160225 D-Link, Netgear Router Vulnerabiltiies", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Feb/112"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-1559", "datePublished": "2017-04-21T15:00:00", "dateReserved": "2016-01-07T00:00:00", "dateUpdated": "2017-04-21T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:d-link:dap-1353_h\\/w_b1_firmware:3.15:*:*:*:*:*:*:*", "matchCriteriaId": "D77C4C2D-006D-4963-BAC2-B7065E0D86D2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dap-1353_h\\/w_b1:-:*:*:*:*:*:*:*", "matchCriteriaId": "1086F174-83FA-45FA-804F-3641E3915576", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:d-link:dap-2553_h\\/w_a1_firmware:1.31:*:*:*:*:*:*:*", "matchCriteriaId": "942ACDB1-9A27-4424-AA60-1C0D11309FC4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dap-2553_h\\/w_a1:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC365B3B-50AE-4B41-A04C-1B82B23C213C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:d-link:dap-3520_h\\/w_a1_firmware:1.16:*:*:*:*:*:*:*", "matchCriteriaId": "568C6F86-8956-405F-B6B2-320BA6F7DFCF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dap-3520_h\\/w_a1:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9907D2D-BAC2-4F22-87C2-21B8C6960F2E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP."}, {"lang": "es", "value": "D-Link DAP-1353 H/W vers. B1 3.15 y versiones anteriores, D-Link DAP-2553 H/W ver. A1 1.31 y versiones anteriores y D-Link DAP-3520 H/W ver. A1 1.16 y versiones anteriores revelan contrase\u00f1as inal\u00e1mbricas y nombres de usuario y contrase\u00f1as administrativos sobre SNMP."}], "id": "CVE-2016-1559", "lastModified": "2023-04-26T18:55:30.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-21T15:59:00.490", "references": [{"source": "cret@cert.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Feb/112"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}