ID

VAR-200909-0140


CVE

CVE-2009-3347


TITLE

D-Link DIR-400 Wireless router buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-003777

DESCRIPTION

Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

D-Link DIR-400 is prone to an unspecified remote buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

----------------------------------------------------------------------

TITLE: D-Link DIR-400 Wireless Router Unspecified Buffer Overflow

SECUNIA ADVISORY ID: SA36454

VERIFY ADVISORY: http://secunia.com/advisories/36454/

DESCRIPTION: A vulnerability has been reported in D-Link DIR-400 wireless router, which can be exploited to compromise a vulnerable device. The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow.

SOLUTION: Due to the very limited available information, it is not possible to suggest an effective workaround.

PROVIDED AND/OR DISCOVERED BY: Reportedly a module for VulnDisco Pack.

ORIGINAL ADVISORY: http://intevydis.com/vd-list.shtml

----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2009-3347 // JVNDB: JVNDB-2009-003777 // BID: 36237 // VULHUB: VHN-40793 // PACKETSTORM: 81019

AFFECTED PRODUCTS

vendor: d link, model: dir-400, scope: -, version: -

Trust: 1.4

vendor: d link, model: dir-400, scope: eq, version: *

Trust: 1.0

vendor: d link, model: dir-400, scope: eq, version: 0

Trust: 0.3

sources: BID: 36237 // JVNDB: JVNDB-2009-003777 // CNNVD: CNNVD-200909-459 // NVD: CVE-2009-3347

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3347
value: HIGH

Trust: 1.0

NVD: CVE-2009-3347
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200909-459
value: CRITICAL

Trust: 0.6

VULHUB: VHN-40793
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-3347
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-40793
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-40793 // JVNDB: JVNDB-2009-003777 // CNNVD: CNNVD-200909-459 // NVD: CVE-2009-3347

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-40793 // JVNDB: JVNDB-2009-003777 // NVD: CVE-2009-3347

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200909-459

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200909-459

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003777

PATCH

title: Top Page, url: http://www.dlink.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-003777

EXTERNAL IDS

db: NVD, id: CVE-2009-3347

Trust: 2.5

db: BID, id: 36237

Trust: 2.0

db: SECUNIA, id: 36454

Trust: 1.8

db: OSVDB, id: 57791

Trust: 1.7

db: SECTRACK, id: 1022826

Trust: 1.7

db: JVNDB, id: JVNDB-2009-003777

Trust: 0.8

db: CNNVD, id: CNNVD-200909-459

Trust: 0.7

db: VULHUB, id: VHN-40793

Trust: 0.1

db: PACKETSTORM, id: 81019

Trust: 0.1

sources: VULHUB: VHN-40793 // BID: 36237 // JVNDB: JVNDB-2009-003777 // PACKETSTORM: 81019 // CNNVD: CNNVD-200909-459 // NVD: CVE-2009-3347

REFERENCES

url:http://intevydis.com/vd-list.shtml

Trust: 1.8

url:http://www.securityfocus.com/bid/36237

Trust: 1.7

url:http://www.osvdb.org/57791

Trust: 1.7

url:http://www.securitytracker.com/id?1022826

Trust: 1.7

url:http://secunia.com/advisories/36454

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3347

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3347

Trust: 0.8

url:http://www.dlink.com/

Trust: 0.3

url:http://intevydis.com/company.shtml

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/36454/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-40793 // BID: 36237 // JVNDB: JVNDB-2009-003777 // PACKETSTORM: 81019 // CNNVD: CNNVD-200909-459 // NVD: CVE-2009-3347

CREDITS

Intevydis

Trust: 0.9

sources: BID: 36237 // CNNVD: CNNVD-200909-459

SOURCES

db: VULHUB, id: VHN-40793
db: BID, id: 36237
db: JVNDB, id: JVNDB-2009-003777
db: PACKETSTORM, id: 81019
db: CNNVD, id: CNNVD-200909-459
db: NVD, id: CVE-2009-3347

LAST UPDATE DATE

2025-04-10T23:24:11.435000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-40793, date: 2011-12-20T00:00:00
db: BID, id: 36237, date: 2009-09-03T18:02:00
db: JVNDB, id: JVNDB-2009-003777, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200909-459, date: 2009-09-24T00:00:00
db: NVD, id: CVE-2009-3347, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-40793, date: 2009-09-24T00:00:00
db: BID, id: 36237, date: 2009-09-03T00:00:00
db: JVNDB, id: JVNDB-2009-003777, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 81019, date: 2009-09-07T07:18:59
db: CNNVD, id: CNNVD-200909-459, date: 2009-09-24T00:00:00
db: NVD, id: CVE-2009-3347, date: 2009-09-24T16:30:01.877