ID

VAR-201611-0420


TITLE

Buffer overflow vulnerability in HTTP_HNAP_AUTH field in D-Link http header

Trust: 0.6

sources: CNVD: CNVD-2016-10227

DESCRIPTION

D-Link DIR-890L is a wireless cloud router. A buffer overflow vulnerability exists in the handling of the HTTP_HNAP_AUTH field of the HTTP header. In the HNAP processing function, the variable src is obtained by splitting the HTTP_HNAP_AUTH field with strstr, and the length of the source string is not limited when it is copied. The decompiled local variable is declared as `v17; // [sp+3CCh] [bp-30h]@9`, so as little as 0x30 bytes can overflow.

Trust: 0.6

sources: CNVD: CNVD-2016-10227

IOT TAXONOMY

category: ['IoT', 'Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-10227

AFFECTED PRODUCTS

vendor: d link
model: dir-890l a1-2015.10
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2016-10227

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-10227
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2016-10227
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-10227

EXTERNAL IDS

db: CNVD
id: CNVD-2016-10227

Trust: 0.6

sources: CNVD: CNVD-2016-10227

SOURCES

db: CNVD
id: CNVD-2016-10227

LAST UPDATE DATE

2022-05-04T08:41:29.674000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2016-10227
date: 2016-12-23T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2016-10227
date: 2016-11-07T00:00:00