CVE-2016-5681

  • Severity Score: 9.8 (CVSS v3.1)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.


*Credits: N/A
CVSS Scores

CVSS v3.x metrics
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS v2 metrics
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2016-06-16 CVE Reserved
  • 2016-08-25 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-09-24 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Each affected firmware row is followed by the hardware revision it runs in ("in" rows).

| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Dlink | Dir-868l Firmware | <= 2.03 | - | Affected |
| in Dlink | Dir-868l | b1 | - | Safe |
| Dlink | Dir-822 Firmware | 3.01 | - | Affected |
| in Dlink | Dir-822 | a1 | - | Safe |
| D-link | Dir-880l Firmware | <= 1.07 | - | Affected |
| in Dlink | Dir-880l | a1 | - | Safe |
| D-link | Dir-850l Firmare | <= 2.07 | - | Affected |
| in Dlink | Dir-850l | b1 | - | Safe |
| D-link | Dir-895l Firmware | <= 1.11 | - | Affected |
| in Dlink | Dir-895l | a1 | - | Safe |
| D-link | Dir-817l(w) Firmware | <= jul.2016 | - | Affected |
| in Dlink | Dir-817l(w) | ax | - | Safe |
| D-link | Dir-818l(w) Firmware | <= 2.05 | - | Affected |
| in Dlink | Dir-818l(w) | ax | - | Safe |
| D-link | Dir-890l Firmware | <= 1.09 | - | Affected |
| in Dlink | Dir-890l | a1 | - | Safe |
| D-link | Dir-823 Firmware | <= 1.00 | - | Affected |
| in Dlink | Dir-823 | a1 | - | Safe |
| D-link | Dir-885l Firmware | <= 1.11 | - | Affected |
| in Dlink | Dir-885l | a1 | - | Safe |
| Dlink | Dir-868l Firmware | <= 3.00 | - | Affected |
| in Dlink | Dir-868l | c1 | - | Safe |