- Description
- An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command line parameter "-f" and stores it on the stack. Since there is no length check, this results in corrupting the registers for the function sub_A098 which results in memory corruption.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-1100_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "554817F7-7E3D-4D69-90AC-46D86056143B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-1100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "704F9608-72CE-49C0-B7D2-F2FE84DF0C74"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-1130_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DB53465-4FE2-43EF-B2C6-839DFEA80D62"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-1130:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "33A388EC-275D-4180-83E2-AD73F7EEB54F"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]