Details of VAR-201008-0398

ID

VAR-201008-0398

TITLE

D-Link WBR-2310 Web Server HTTP GET Request Remote Buffer Overflow Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2010-1523 // BID: 42153

DESCRIPTION

D-Link WBR-2310 is a wireless router device. D-Link WBR-2310 Web Server incorrectly filters specially constructed GET requests. Remote attackers can use the vulnerability to perform denial of service attacks on service programs. D-Link WBR-2310 is prone to a remote buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. This issue occurs in the device's webserver. D-Link WBR-2310 firmware version 1.04 is vulnerable; other versions may also be affected

Trust: 0.81

sources: CNVD: CNVD-2010-1523 // BID: 42153

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-1523

AFFECTED PRODUCTS

vendor:

d link

model:

wbr-2310

scope:

version:

1.0.4

Trust: 0.9

sources: CNVD: CNVD-2010-1523 // BID: 42153

THREAT TYPE

network

Trust: 0.3

sources: BID: 42153

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 42153

EXTERNAL IDS

db:	BID	id:	42153	Trust: 0.9
db:	CNVD	id:	CNVD-2010-1523	Trust: 0.6

sources: CNVD: CNVD-2010-1523 // BID: 42153

REFERENCES

url:	http://www.securityfocus.com/archive/1/512821	Trust: 0.6
url:	http://www.dlink.com/	Trust: 0.3
url:	/archive/1/512821	Trust: 0.3

sources: CNVD: CNVD-2010-1523 // BID: 42153

CREDITS

Rodrigo Escobar

Trust: 0.3

sources: BID: 42153

SOURCES

db:	CNVD	id:	CNVD-2010-1523
db:	BID	id:	42153

LAST UPDATE DATE

2022-05-17T02:04:51.440000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-1523	date:	2010-08-09T00:00:00
db:	BID	id:	42153	date:	2010-08-03T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-1523	date:	2010-08-09T00:00:00
db:	BID	id:	42153	date:	2010-08-03T00:00:00