ID

VAR-202003-1401


CVE

CVE-2020-9534


TITLE

Out-of-bounds write vulnerability in D-Link DIR-615Jx10 devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-002316

DESCRIPTION

fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed. D-Link DIR-615Jx10 devices are vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-615Jx10 is a wireless router from Taiwan D-Link Corporation. A buffer overflow vulnerability exists in the fmwlan.c file in D-Link DIR-615Jx10. The vulnerability stems from a network system or product incorrectly validating data boundaries when performing operations on memory, which causes incorrect read and write operations on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.16

sources: NVD: CVE-2020-9534 // JVNDB: JVNDB-2020-002316 // CNVD: CNVD-2020-15935

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-15935

AFFECTED PRODUCTS

vendor: dlink, model: dir-615jx10, scope: eq, version: -

Trust: 1.0

vendor: d link, model: dir-615jx10, scope: -, version: -

Trust: 0.8

vendor: d link, model: d-link dir-615jx10, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-15935 // JVNDB: JVNDB-2020-002316 // NVD: CVE-2020-9534

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9534
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002316
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-15935
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-001
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-9534
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002316
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-15935
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9534
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002316
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-15935 // JVNDB: JVNDB-2020-002316 // CNNVD: CNNVD-202003-001 // NVD: CVE-2020-9534

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2020-002316 // NVD: CVE-2020-9534

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-001

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202003-001

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002316

PATCH

title: Top Page, url: https://www.dlink.com

Trust: 0.8

sources: JVNDB: JVNDB-2020-002316

EXTERNAL IDS

db: NVD, id: CVE-2020-9534

Trust: 3.0

db: JVNDB, id: JVNDB-2020-002316

Trust: 0.8

db: CNVD, id: CNVD-2020-15935

Trust: 0.6

db: CNNVD, id: CNNVD-202003-001

Trust: 0.6

sources: CNVD: CNVD-2020-15935 // JVNDB: JVNDB-2020-002316 // CNNVD: CNNVD-202003-001 // NVD: CVE-2020-9534

REFERENCES

url: https://github.com/ladinas/vulns_of_embedded_systems/blob/master/two%20stack%20overflows%20were%20found%20in%20dir-615jx10.0%20devices.pdf

Trust: 3.0

url: https://nvd.nist.gov/vuln/detail/cve-2020-9534

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9534

Trust: 0.8

sources: CNVD: CNVD-2020-15935 // JVNDB: JVNDB-2020-002316 // CNNVD: CNNVD-202003-001 // NVD: CVE-2020-9534

SOURCES

db: CNVD, id: CNVD-2020-15935
db: JVNDB, id: JVNDB-2020-002316
db: CNNVD, id: CNNVD-202003-001
db: NVD, id: CVE-2020-9534

LAST UPDATE DATE

2024-11-23T22:41:08.776000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-15935, date: 2020-03-06T00:00:00
db: JVNDB, id: JVNDB-2020-002316, date: 2020-03-11T00:00:00
db: CNNVD, id: CNNVD-202003-001, date: 2020-04-01T00:00:00
db: NVD, id: CVE-2020-9534, date: 2024-11-21T05:40:49.220

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-15935, date: 2020-03-06T00:00:00
db: JVNDB, id: JVNDB-2020-002316, date: 2020-03-11T00:00:00
db: CNNVD, id: CNNVD-202003-001, date: 2020-03-01T00:00:00
db: NVD, id: CVE-2020-9534, date: 2020-03-02T00:15:10.623