CVE-2020-8962

Опубликовано: 13 фев. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint.

Ссылки

https://ctrsec.io/index.php/2020/02/12/cve-2020-8962-d-link-dir-842-stack-based-buffer-overflow/
Exploit
Third Party Advisory
https://ctrsec.io/index.php/2020/02/12/cve-2020-8962-d-link-dir-842-stack-based-buffer-overflow/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dir-842_firmware:3.13b09:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-842:c:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02267

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-jjgf-8279-h8cq

github

больше 3 лет назад