CVE-2017-3193 - OpenCVE

Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Dlink	Dir-850l Firmware Dir-850l

Configuration 1 [-]

AND

OR	cpe:2.3:o:dlink:dir-850l_firmware:1.14b07:::::::*
	cpe:2.3:o:dlink:dir-850l_firmware:2.07.b05:::::::*

cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/96747	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/viewAlert.x?alertId=52967	Patch Third Party Advisory
https://twitter.com/NCCGroupInfosec/status/845269159277723649	Third Party Advisory
https://www.kb.cert.org/vuls/id/305448	Third Party Advisory US Government Resource VDB Entry
https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=Technical+advisories	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2017-12-15T14:00:00

Updated: 2017-12-15T13:57:01

Reserved: 2016-12-05T00:00:00

Link: CVE-2017-3193

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-12-16T02:29:10.417

Modified: 2023-11-08T20:19:55.387

Link: CVE-2017-3193

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "DIR-850L and potentially others", "vendor": "D-Link", "versions": [{"status": "affected", "version": "1.14B07"}, {"status": "affected", "version": "2.07.B05"}]}], "datePublic": "2017-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-12-15T13:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "VU#305448", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/305448"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/NCCGroupInfosec/status/845269159277723649"}, {"tags": ["x_refsource_MISC"], "url": "https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=Technical+advisories"}, {"name": "96747", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96747"}, {"tags": ["x_refsource_MISC"], "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=52967"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2017-3193", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DIR-850L and potentially others", "version": {"version_data": [{"version_value": "1.14B07"}, {"version_value": "2.07.B05"}]}}]}, "vendor_name": "D-Link"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121: Stack-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "VU#305448", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/305448"}, {"name": "https://twitter.com/NCCGroupInfosec/status/845269159277723649", "refsource": "MISC", "url": "https://twitter.com/NCCGroupInfosec/status/845269159277723649"}, {"name": "https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=Technical+advisories", "refsource": "MISC", "url": "https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=Technical+advisories"}, {"name": "96747", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96747"}, {"name": "https://tools.cisco.com/security/center/viewAlert.x?alertId=52967", "refsource": "MISC", "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=52967"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2017-3193", "datePublished": "2017-12-15T14:00:00", "dateReserved": "2016-12-05T00:00:00", "dateUpdated": "2017-12-15T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:1.14b07:*:*:*:*:*:*:*", "matchCriteriaId": "10F53477-8CF3-48DC-BC1E-B6C19E878FD8", "vulnerable": true}, {"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:2.07.b05:*:*:*:*:*:*:*", "matchCriteriaId": "BE3B7CA2-E60A-48D3-AA8F-38E0809B1614", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*", "matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service."}, {"lang": "es", "value": "M\u00faltiples dispositivos D-Link, incluidos DIR-850L con versiones 1.13B07 y 2.07.B05 contienen una vulnerabilidad de desbordamiento de b\u00fafer basado en pila en la interfaz de administraci\u00f3n web del servicio HNAP."}], "id": "CVE-2017-3193", "lastModified": "2023-11-08T20:19:55.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-16T02:29:10.417", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96747"}, {"source": "cret@cert.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=52967"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/NCCGroupInfosec/status/845269159277723649"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource", "VDB Entry"], "url": "https://www.kb.cert.org/vuls/id/305448"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=Technical+advisories"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "cret@cert.org", "type": "Secondary"}]}