Sign-up

ID

VAR-201704-0307


CVE

CVE-2016-1559


TITLE

plural D-Link Information disclosure vulnerability in product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2016-008522

DESCRIPTION

D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. A1 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. D-Link is a network equipment and solution provider that includes a variety of router devices. There are information disclosure vulnerabilities in various D-Link devices, and an attacker can exploit the vulnerability to obtain an administrator account and a wireless password. are all routing routes of D-Link. Several D-Link products have security vulnerabilities. The following products and versions are affected: D-Link DAP-1353 H/W vers. Hello, We’d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne. Several Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in `boardData102.php`, `boardData103.php`, `boardDataJP.php`, `boardDataNA.php`, and `boardDataWW.php`. This has been assigned CVE-2016-1555. Affected devices include: Netgear WN604 Netgear WN802Tv2 Netgear WNAP210 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360 Several D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the 'dlink_uid' cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include: D-Link DAP-2310 D-Link DAP-2330 D-Link DAP-2360 D-Link DAP-2553 D-Link DAP-2660 D-Link DAP-2690 D-Link DAP-2695 Several Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. Affected devices include: Netgear WN604 Netgear WNAP210 Netgear WNAP320 Netgear WND930 Netgear WNDAP350 Netgear WNDAP360 Several devices by both D-Link and Netgear disclose wireless passwords and administrative usernames/passwords over SNMP, including OID’s iso.3.6.1.4.1.171.10.37.35.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.38.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.35.4.1.1.1, iso.3.6.1.4.1.171.10.37.37.4.1.1.1, iso.3.6.1.4.1.171.10.37.38.4.1.1.1, iso.3.6.1.4.1.4526.100.7.8.1.5, iso.3.6.1.4.1.4526.100.7.9.1.5, iso.3.6.1.4.1.4526.100.7.9.1.7, and iso.3.6.1.4.1.4526.100.7.10.1.7. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include: D-Link DAP-1353 D-Link DAP-2553 D-Link DAP-3520 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360 We have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March. Thanks, Dominic

Trust: 2.34

sources: NVD: CVE-2016-1559 // JVNDB: JVNDB-2016-008522 // CNVD: CNVD-2016-01691 // VULHUB: VHN-90378 // PACKETSTORM: 135956

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-01691

AFFECTED PRODUCTS

vendor:d linkmodel:dap-2553 h\/w a1scope:eqversion:1.31

Trust: 1.6

vendor:d linkmodel:dap-1353 h\/w b1scope:eqversion:3.15

Trust: 1.6

vendor:d linkmodel:dap-3520 h\/w a1scope:eqversion:1.16

Trust: 1.6

vendor:d linkmodel:dap-1353 h/w vers. b1scope:lteversion:3.15

Trust: 0.8

vendor:d linkmodel:dap-2553 h/w ver. a1scope:lteversion:1.31

Trust: 0.8

vendor:d linkmodel:dap-3520 h/w ver. a1scope:lteversion:1.16

Trust: 0.8

vendor:d linkmodel:d-link dap-1353scope: - version: -

Trust: 0.6

vendor:d linkmodel:d-link dap-2553scope: - version: -

Trust: 0.6

vendor:d linkmodel:d-link dap-3520scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2016-01691 // JVNDB: JVNDB-2016-008522 // CNNVD: CNNVD-201604-394 // NVD: CVE-2016-1559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1559
value: HIGH

Trust: 1.0

NVD: CVE-2016-1559
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-01691
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201604-394
value: HIGH

Trust: 0.6

VULHUB: VHN-90378
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-1559
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-01691
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90378
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1559
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-01691 // VULHUB: VHN-90378 // JVNDB: JVNDB-2016-008522 // CNNVD: CNNVD-201604-394 // NVD: CVE-2016-1559

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-90378 // JVNDB: JVNDB-2016-008522 // NVD: CVE-2016-1559

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-394

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201604-394

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008522

PATCH
title:FIRMADYNE CVE-2016-1558 & CVE-2016-1559url:http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559
Trust: 0.8
title:Multiple D-Link Product security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=234994
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008522 // 
            
            
            
            CNNVD: CNNVD-201604-394

EXTERNAL IDS
db:NVDid:CVE-2016-1559
Trust: 3.2
db:PACKETSTORMid:135956
Trust: 1.8
db:JVNDBid:JVNDB-2016-008522
Trust: 0.8
db:CNNVDid:CNNVD-201604-394
Trust: 0.7
db:CNVDid:CNVD-2016-01691
Trust: 0.6
db:VULHUBid:VHN-90378
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-01691 // 
            
            
            
            VULHUB: VHN-90378 // 
            
            
            
            JVNDB: JVNDB-2016-008522 // 
            
            
            
            PACKETSTORM: 135956 // 
            
            
            
            CNNVD: CNNVD-201604-394 // 
            
            
            
            NVD: CVE-2016-1559

REFERENCES
url:http://seclists.org/fulldisclosure/2016/feb/112
Trust: 2.3
url:http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559
Trust: 1.7
url:http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2016-1559
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1559
Trust: 0.8
url:https://github.com/firmadyne/firmadyne.
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1557
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1555
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1558
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-01691 // 
            
            
            
            VULHUB: VHN-90378 // 
            
            
            
            JVNDB: JVNDB-2016-008522 // 
            
            
            
            PACKETSTORM: 135956 // 
            
            
            
            CNNVD: CNNVD-201604-394 // 
            
            
            
            NVD: CVE-2016-1559

CREDITS
Dominic Chen
Trust: 0.1
sources:
            
            
            PACKETSTORM: 135956

SOURCES
db:CNVDid:CNVD-2016-01691
db:VULHUBid:VHN-90378
db:JVNDBid:JVNDB-2016-008522
db:PACKETSTORMid:135956
db:CNNVDid:CNNVD-201604-394
db:NVDid:CVE-2016-1559

LAST UPDATE DATE
2025-04-20T23:13:13.551000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-01691date:2016-03-16T00:00:00
db:VULHUBid:VHN-90378date:2017-04-28T00:00:00
db:JVNDBid:JVNDB-2016-008522date:2017-05-26T00:00:00
db:CNNVDid:CNNVD-201604-394date:2023-04-27T00:00:00
db:NVDid:CVE-2016-1559date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-01691date:2016-03-16T00:00:00
db:VULHUBid:VHN-90378date:2017-04-21T00:00:00
db:JVNDBid:JVNDB-2016-008522date:2017-05-26T00:00:00
db:PACKETSTORMid:135956date:2016-02-26T17:22:22
db:CNNVDid:CNNVD-201604-394date:2016-03-01T00:00:00
db:NVDid:CVE-2016-1559date:2017-04-21T15:59:00.490