ID

VAR-201704-0306


CVE

CVE-2016-1558


TITLE

Buffer overflow vulnerability in multiple D-Link products

Trust: 0.8

sources: JVNDB: JVNDB-2016-008490

DESCRIPTION

Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie.

Multiple D-Link products contain a buffer overflow vulnerability. A remote attacker may have unspecified impact via a crafted 'dlink_uid' cookie.

D-Link is a network equipment and solution provider whose products include a variety of router devices. Multiple D-Link products have a buffer overflow vulnerability in handling the 'dlink_uid' parameter, which can be exploited by an attacker to execute arbitrary code on an affected device.

D-Link DAP-2310 and others are wireless access points (AP) of D-Link. A buffer overflow vulnerability exists in several D-Link products.

Hello,

We’d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne.

Several Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in `boardData102.php`, `boardData103.php`, `boardDataJP.php`, `boardDataNA.php`, and `boardDataWW.php`. This has been assigned CVE-2016-1555. Affected devices include: Netgear WN604, Netgear WN802Tv2, Netgear WNAP210, Netgear WNAP320, Netgear WNDAP350, Netgear WNDAP360.

Several D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the 'dlink_uid' cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include: D-Link DAP-2310, D-Link DAP-2330, D-Link DAP-2360, D-Link DAP-2553, D-Link DAP-2660, D-Link DAP-2690, D-Link DAP-2695.

Several Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. Affected devices include: Netgear WN604, Netgear WNAP210, Netgear WNAP320, Netgear WND930, Netgear WNDAP350, Netgear WNDAP360.

Several devices by both D-Link and Netgear disclose wireless passwords and administrative usernames/passwords over SNMP, including OIDs iso.3.6.1.4.1.171.10.37.35.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.38.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.35.4.1.1.1, iso.3.6.1.4.1.171.10.37.37.4.1.1.1, iso.3.6.1.4.1.171.10.37.38.4.1.1.1, iso.3.6.1.4.1.4526.100.7.8.1.5, iso.3.6.1.4.1.4526.100.7.9.1.5, iso.3.6.1.4.1.4526.100.7.9.1.7, and iso.3.6.1.4.1.4526.100.7.10.1.7. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include: D-Link DAP-1353, D-Link DAP-2553, D-Link DAP-3520, Netgear WNAP320, Netgear WNDAP350, Netgear WNDAP360.

We have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March.

Thanks,
Dominic

Trust: 2.34

sources: NVD: CVE-2016-1558 // JVNDB: JVNDB-2016-008490 // CNVD: CNVD-2016-01688 // VULHUB: VHN-90377 // PACKETSTORM: 135956

IOT TAXONOMY

category: ['IoT', 'Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-01688

AFFECTED PRODUCTS

vendor: dlink | model: dap-2695 | scope: eq | version: 1.16

Trust: 1.0

vendor: dlink | model: dap-2660 | scope: eq | version: 1.11

Trust: 1.0

vendor: dlink | model: dap-2330 | scope: eq | version: 1.06

Trust: 1.0

vendor: dlink | model: dap-2690 | scope: eq | version: 3.15

Trust: 1.0

vendor: dlink | model: dap-2360 | scope: eq | version: 2.06

Trust: 1.0

vendor: dlink | model: dap-2310 | scope: eq | version: 2.06

Trust: 1.0

vendor: dlink | model: dap-2230 | scope: eq | version: 1.02

Trust: 1.0

vendor: dlink | model: dap-3662 | scope: eq | version: 1.01

Trust: 1.0

vendor: dlink | model: dap-3320 | scope: eq | version: 1.00

Trust: 1.0

vendor: dlink | model: dap-2553 | scope: eq | version: 3.05

Trust: 1.0

vendor: d link | model: dap-2230 | scope: - | version: -

Trust: 0.8

vendor: d link | model: dap-2310 | scope: - | version: -

Trust: 0.8

vendor: d link | model: dap-2330 | scope: - | version: -

Trust: 0.8

vendor: d link | model: dap-2360 | scope: - | version: -

Trust: 0.8

vendor: d link | model: dap-2553 | scope: - | version: -

Trust: 0.8

vendor: d link | model: dap-2660 | scope: - | version: -

Trust: 0.8

vendor: d link | model: dap-2690 | scope: - | version: -

Trust: 0.8

vendor: d link | model: dap-2695 | scope: - | version: -

Trust: 0.8

vendor: d link | model: dap-3320 | scope: - | version: -

Trust: 0.8

vendor: d link | model: dap-3662 | scope: - | version: -

Trust: 0.8

vendor: d link | model: d-link dap-2310 | scope: - | version: -

Trust: 0.6

vendor: d link | model: d-link dap-2330 | scope: - | version: -

Trust: 0.6

vendor: d link | model: d-link dap-2360 | scope: - | version: -

Trust: 0.6

vendor: d link | model: d-link dap-2553 | scope: - | version: -

Trust: 0.6

vendor: d link | model: d-link dap-2660 | scope: - | version: -

Trust: 0.6

vendor: d link | model: d-link dap-2690 | scope: - | version: -

Trust: 0.6

vendor: d link | model: d-link dap-2695 | scope: - | version: -

Trust: 0.6

vendor: d link | model: dap-2690 | scope: eq | version: 3.15

Trust: 0.6

vendor: d link | model: dap-2360 | scope: eq | version: 2.06

Trust: 0.6

vendor: d link | model: dap-2230 | scope: eq | version: 1.02

Trust: 0.6

vendor: d link | model: dap-2330 | scope: eq | version: 1.06

Trust: 0.6

vendor: d link | model: dap-3320 | scope: eq | version: 1.00

Trust: 0.6

vendor: d link | model: dap-2553 | scope: eq | version: 3.05

Trust: 0.6

vendor: d link | model: dap-2310 | scope: eq | version: 2.06

Trust: 0.6

vendor: d link | model: dap-2660 | scope: eq | version: 1.11

Trust: 0.6

vendor: d link | model: dap-2695 | scope: eq | version: 1.16

Trust: 0.6

vendor: d link | model: dap-3662 | scope: eq | version: 1.01

Trust: 0.6

sources: CNVD: CNVD-2016-01688 // JVNDB: JVNDB-2016-008490 // CNNVD: CNNVD-201604-396 // NVD: CVE-2016-1558

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1558
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1558
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-01688
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201604-396
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90377
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1558
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-01688
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90377
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1558
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-01688 // VULHUB: VHN-90377 // JVNDB: JVNDB-2016-008490 // CNNVD: CNNVD-201604-396 // NVD: CVE-2016-1558

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-90377 // JVNDB: JVNDB-2016-008490 // NVD: CVE-2016-1558

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-396

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201604-396

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008490

PATCH

title: FIRMADYNE CVE-2016-1558 & CVE-2016-1559 | url: http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559

Trust: 0.8

title: Multiple D-Link Product Buffer Error Vulnerability Fix | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=234995

Trust: 0.6

sources: JVNDB: JVNDB-2016-008490 // CNNVD: CNNVD-201604-396

EXTERNAL IDS

db: NVD | id: CVE-2016-1558

Trust: 3.2

db: PACKETSTORM | id: 135956

Trust: 1.8

db: JVNDB | id: JVNDB-2016-008490

Trust: 0.8

db: CNNVD | id: CNNVD-201604-396

Trust: 0.7

db: CNVD | id: CNVD-2016-01688

Trust: 0.6

db: VULHUB | id: VHN-90377

Trust: 0.1

sources: CNVD: CNVD-2016-01688 // VULHUB: VHN-90377 // JVNDB: JVNDB-2016-008490 // PACKETSTORM: 135956 // CNNVD: CNNVD-201604-396 // NVD: CVE-2016-1558

REFERENCES

url:http://seclists.org/fulldisclosure/2016/feb/112

Trust: 2.3

url:http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559

Trust: 1.7

url:http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2016-1558

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1558

Trust: 0.8

url:https://github.com/firmadyne/firmadyne.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1557

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1559

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1555

Trust: 0.1

sources: CNVD: CNVD-2016-01688 // VULHUB: VHN-90377 // JVNDB: JVNDB-2016-008490 // PACKETSTORM: 135956 // CNNVD: CNNVD-201604-396 // NVD: CVE-2016-1558

CREDITS

Dominic Chen

Trust: 0.1

sources: PACKETSTORM: 135956

SOURCES

db: CNVD | id: CNVD-2016-01688
db: VULHUB | id: VHN-90377
db: JVNDB | id: JVNDB-2016-008490
db: PACKETSTORM | id: 135956
db: CNNVD | id: CNNVD-201604-396
db: NVD | id: CVE-2016-1558

LAST UPDATE DATE

2025-04-20T23:13:13.994000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2016-01688 | date: 2016-03-16T00:00:00
db: VULHUB | id: VHN-90377 | date: 2017-04-27T00:00:00
db: JVNDB | id: JVNDB-2016-008490 | date: 2017-05-24T00:00:00
db: CNNVD | id: CNNVD-201604-396 | date: 2023-04-27T00:00:00
db: NVD | id: CVE-2016-1558 | date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2016-01688 | date: 2016-03-16T00:00:00
db: VULHUB | id: VHN-90377 | date: 2017-04-21T00:00:00
db: JVNDB | id: JVNDB-2016-008490 | date: 2017-05-24T00:00:00
db: PACKETSTORM | id: 135956 | date: 2016-02-26T17:22:22
db: CNNVD | id: CNNVD-201604-396 | date: 2016-03-01T00:00:00
db: NVD | id: CVE-2016-1558 | date: 2017-04-21T15:59:00.457