Sign-up

ID

VAR-200703-0565


CVE

CVE-2007-1435


TITLE

D-Link TFTP Server Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2007-001692

DESCRIPTION

Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. D-Link TFTP Server is a TFTP service program built into D-Link wireless AP. D-Link TFTP Server has a vulnerability in processing malformed TFTP access requests, and remote attackers may use this vulnerability to control the server. Test code: http://www.securityfocus.com/data/vulnerabilities/exploits/22923.rb Patching plan: The vendor has not released upgrade patches for the time being, please pay attention to the vendor address in time: http://www.dlink.com. D-Link TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer. Given the nature of this issue, the attacker may presumably be able to execute code. D-Link TFTP 1.0 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ ---------------------------------------------------------------------- TITLE: D-Link TFTP Server Data Handling Memory Corruption SECUNIA ADVISORY ID: SA24360 VERIFY ADVISORY: http://secunia.com/advisories/24360/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: D-Link TFTP Server 1.x http://secunia.com/product/13596/ DESCRIPTION: Parvez Anwar has discovered a vulnerability in D-Link TFTP Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error within the handling of received data. This can be exploited to corrupt certain structures in memory via an overly long (greater than 300 bytes), specially crafted GET or PUT request. The vulnerability is confirmed in version 1.0. SOLUTION: Use in a trusted network environment only. PROVIDED AND/OR DISCOVERED BY: Parvez Anwar ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.15

sources: NVD: CVE-2007-1435 // JVNDB: JVNDB-2007-001692 // CNVD: CNVD-2007-1848 // CNVD: CNVD-2007-1847 // BID: 22923 // VULHUB: VHN-24797 // PACKETSTORM: 54996

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2007-1848 // CNVD: CNVD-2007-1847

AFFECTED PRODUCTS

vendor:d linkmodel:tftp serverscope:eqversion:1.0

Trust: 2.7

vendor:nonemodel: - scope: - version: -

Trust: 1.2

sources: CNVD: CNVD-2007-1848 // CNVD: CNVD-2007-1847 // BID: 22923 // JVNDB: JVNDB-2007-001692 // CNNVD: CNNVD-200703-350 // NVD: CVE-2007-1435

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1435
value: HIGH

Trust: 1.0

NVD: CVE-2007-1435
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200703-350
value: CRITICAL

Trust: 0.6

VULHUB: VHN-24797
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-1435
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-24797
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-24797 // JVNDB: JVNDB-2007-001692 // CNNVD: CNNVD-200703-350 // NVD: CVE-2007-1435

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1435

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200703-350

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200703-350

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-001692

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-24797

PATCH
title:Top Pageurl:http://www.dlink.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-001692

EXTERNAL IDS
db:NVDid:CVE-2007-1435
Trust: 3.4
db:BIDid:22923
Trust: 2.6
db:SECUNIAid:24360
Trust: 2.4
db:OSVDBid:33977
Trust: 2.3
db:JVNDBid:JVNDB-2007-001692
Trust: 0.8
db:CNVDid:CNVD-2007-1848
Trust: 0.6
db:CNCVEid:CNCVE-20071435
Trust: 0.6
db:CNVDid:CNVD-2007-1847
Trust: 0.6
db:CNNVDid:CNNVD-200703-350
Trust: 0.6
db:EXPLOIT-DBid:29735
Trust: 0.1
db:EXPLOIT-DBid:16345
Trust: 0.1
db:SEEBUGid:SSVID-83218
Trust: 0.1
db:SEEBUGid:SSVID-70862
Trust: 0.1
db:PACKETSTORMid:83123
Trust: 0.1
db:VULHUBid:VHN-24797
Trust: 0.1
db:PACKETSTORMid:54996
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2007-1848 // 
            
            
            
            CNVD: CNVD-2007-1847 // 
            
            
            
            VULHUB: VHN-24797 // 
            
            
            
            BID: 22923 // 
            
            
            
            JVNDB: JVNDB-2007-001692 // 
            
            
            
            PACKETSTORM: 54996 // 
            
            
            
            CNNVD: CNNVD-200703-350 // 
            
            
            
            NVD: CVE-2007-1435

REFERENCES
url:http://osvdb.org/33977
Trust: 2.3
url:http://secunia.com/advisories/24360
Trust: 2.3
url:http://www.securityfocus.com/bid/22923
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1435
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1435
Trust: 0.8
url:http://www.dlink.com.sg/products/?pid=308
Trust: 0.3
url:http://www.d-link.com/
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/24360/
Trust: 0.1
url:http://secunia.com/disassembling_og_reversing/
Trust: 0.1
url:http://secunia.com/secunia_vacancies/
Trust: 0.1
url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/13596/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2007-1847 // 
            
            
            
            VULHUB: VHN-24797 // 
            
            
            
            BID: 22923 // 
            
            
            
            JVNDB: JVNDB-2007-001692 // 
            
            
            
            PACKETSTORM: 54996 // 
            
            
            
            CNNVD: CNNVD-200703-350 // 
            
            
            
            NVD: CVE-2007-1435

CREDITS
Parvez Anwar
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200703-350

SOURCES
db:CNVDid:CNVD-2007-1848
db:CNVDid:CNVD-2007-1847
db:VULHUBid:VHN-24797
db:BIDid:22923
db:JVNDBid:JVNDB-2007-001692
db:PACKETSTORMid:54996
db:CNNVDid:CNNVD-200703-350
db:NVDid:CVE-2007-1435

LAST UPDATE DATE
2025-04-10T23:13:20.241000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2007-1848date:2007-03-12T00:00:00
db:CNVDid:CNVD-2007-1847date:2007-03-12T00:00:00
db:VULHUBid:VHN-24797date:2008-11-13T00:00:00
db:BIDid:22923date:2015-05-12T19:29:00
db:JVNDBid:JVNDB-2007-001692date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200703-350date:2007-03-14T00:00:00
db:NVDid:CVE-2007-1435date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:CNVDid:CNVD-2007-1848date:2007-03-12T00:00:00
db:CNVDid:CNVD-2007-1847date:2007-03-12T00:00:00
db:VULHUBid:VHN-24797date:2007-03-13T00:00:00
db:BIDid:22923date:2007-03-12T00:00:00
db:JVNDBid:JVNDB-2007-001692date:2012-06-26T00:00:00
db:PACKETSTORMid:54996date:2007-03-13T00:30:19
db:CNNVDid:CNNVD-200703-350date:2007-03-13T00:00:00
db:NVDid:CVE-2007-1435date:2007-03-13T19:19:00