Details of VAR-201402-0508

ID

VAR-201402-0508

TITLE

Linksys WRT120N 'fprintf()' Function Remote Stack Buffer Overflow Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-01391 // BID: 65860

DESCRIPTION

The Cisco Linksys WRT120N is a wireless router product from Cisco (USA). A remote stack-based buffer overflow vulnerability exists in the Cisco Linksys WRT120N. The vulnerability stems from the program's incorrect boundary check of user-supplied input, causing the program to copy data beyond the allocated memory buffer space. An attacker could use this vulnerability to execute arbitrary code in the context of an affected program or cause a denial of service. There are vulnerabilities in Linksys WRT120N running firmware version 1.0.07, other versions may also be affected. Failed exploit attempts will result in denial-of-service conditions

Trust: 1.35

sources: CNVD: CNVD-2014-01391 // CNNVD: CNNVD-201403-115 // BID: 65860

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01391

AFFECTED PRODUCTS

vendor:	cisco	model:	linksys wrt120n	scope:	eq	version:	1.0.07	Trust: 0.6
vendor:	linksys	model:	wrt120n	scope:	eq	version:	1.0.0.7	Trust: 0.3

sources: CNVD: CNVD-2014-01391 // BID: 65860

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-01391
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2014-01391
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-01391

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-115

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201403-115

EXTERNAL IDS

db:	BID	id:	65860	Trust: 1.5
db:	SECUNIA	id:	57040	Trust: 0.6
db:	CNVD	id:	CNVD-2014-01391	Trust: 0.6
db:	CNNVD	id:	CNNVD-201403-115	Trust: 0.6

sources: CNVD: CNVD-2014-01391 // BID: 65860 // CNNVD: CNNVD-201403-115

REFERENCES

url:	http://secunia.com/advisories/57040/	Trust: 0.6
url:	http://www.securityfocus.com/bid/65860	Trust: 0.6
url:	http://www.linksys.com/	Trust: 0.3
url:	http://support.linksys.com/en-us/support/routers/wrt120n	Trust: 0.3
url:	http://www.devttys0.com/2014/02/wrt120n-fprintf-stack-overflow/	Trust: 0.3

sources: CNVD: CNVD-2014-01391 // BID: 65860 // CNNVD: CNNVD-201403-115

CREDITS

Craig Heffner

Trust: 0.9

sources: BID: 65860 // CNNVD: CNNVD-201403-115

SOURCES

db:	CNVD	id:	CNVD-2014-01391
db:	BID	id:	65860
db:	CNNVD	id:	CNNVD-201403-115

LAST UPDATE DATE

2022-05-17T01:55:55.909000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01391	date:	2014-03-03T00:00:00
db:	BID	id:	65860	date:	2014-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201403-115	date:	2015-12-15T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01391	date:	2014-03-03T00:00:00
db:	BID	id:	65860	date:	2014-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201403-115	date:	2014-02-19T00:00:00