CVE-2019-6258

Опубликовано: 18 авг. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file.

Ссылки

https://github.com/pr0v3rbs/CVE/tree/master/CVE-2019-6258
Exploit
Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10175
Patch
Vendor Advisory
https://github.com/pr0v3rbs/CVE/tree/master/CVE-2019-6258
Exploit
Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10175
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:d-link:dir-822_firmware:*:*:*:*:*:*:*:*

Версия до 2.02krb06 (включая)

cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01357

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-120

Связанные уязвимости

GHSA-2jv7-c5x2-xf95