Details of VAR-200308-0212

ID

VAR-200308-0212

TITLE

D-Link DI-704P Long URL Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-2427

DESCRIPTION

The D-Link 704p is a 4-port DSL/CABLE router. The D-Link 704p management interface incorrectly handles long requests submitted by users. A remote attacker can exploit this vulnerability to perform a denial of service attack on the router. The D-Link 704p can be configured for remote management. The attacker can connect to the WEB service of the management interface and submit a long URL request, which can cause the router to stop responding and need to be restarted to obtain normal services. The issue presents itself when a request of excessive length is sent to the router. This causes the device to behave in an unstable manner. Malicious requests may result in a complete denial of service condition requiring a device reboot, or the loss of the ability to log in to the administration interface. Although unconfirmed, it should be noted that other D-Link devices that use related firmware might also be affected

Trust: 0.81

sources: CNVD: CNVD-2003-2427 // BID: 8355

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-2427

AFFECTED PRODUCTS

vendor:	d link	model:	di704p 2.56b6	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	di-704p	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2003-2427 // BID: 8355

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-2427
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2003-2427
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-2427

THREAT TYPE

network

Trust: 0.3

sources: BID: 8355

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 8355

EXTERNAL IDS

db:	BID	id:	8355	Trust: 0.9
db:	CNVD	id:	CNVD-2003-2427	Trust: 0.6

sources: CNVD: CNVD-2003-2427 // BID: 8355

REFERENCES

url:	http://www.securityfocus.com/bid/8355	Trust: 0.6
url:	http://www.dlink.com/products/broadband/di704p/	Trust: 0.3
url:	/archive/1/332119	Trust: 0.3

sources: CNVD: CNVD-2003-2427 // BID: 8355

CREDITS

Reported by chris <chris@cr-secure.net>.

Trust: 0.3

sources: BID: 8355

SOURCES

db:	CNVD	id:	CNVD-2003-2427
db:	BID	id:	8355

LAST UPDATE DATE

2022-05-17T02:00:51.454000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-2427	date:	2003-08-06T00:00:00
db:	BID	id:	8355	date:	2003-08-06T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-2427	date:	2003-08-06T00:00:00
db:	BID	id:	8355	date:	2003-08-06T00:00:00