ID

VAR-202003-1402


CVE

CVE-2020-9535


TITLE

D-Link DIR-615Jx10 Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002381

DESCRIPTION

fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed. D-Link DIR-615Jx10 is vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state in which service operation is interrupted. D-Link DIR-615 is a wireless router from Taiwan's D-Link. A buffer overflow vulnerability exists in the fmwlan.c file in D-Link DIR-615Jx10. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.16

sources: NVD: CVE-2020-9535 // JVNDB: JVNDB-2020-002381 // CNVD: CNVD-2020-15142

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-15142

AFFECTED PRODUCTS

vendor: d link, model: dir-615jx10, scope: -, version: -

Trust: 1.4

vendor: dlink, model: dir-615jx10, scope: eq, version: -

Trust: 1.0

sources: CNVD: CNVD-2020-15142 // JVNDB: JVNDB-2020-002381 // NVD: CVE-2020-9535

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9535
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002381
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-15142
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-002
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-9535
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002381
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-15142
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9535
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002381
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-15142 // JVNDB: JVNDB-2020-002381 // CNNVD: CNNVD-202003-002 // NVD: CVE-2020-9535

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2020-002381 // NVD: CVE-2020-9535

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-002

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202003-002

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002381

PATCH

title: Top Page, url: https://www.dlink.com/en/consumer

Trust: 0.8

sources: JVNDB: JVNDB-2020-002381

EXTERNAL IDS

db: NVD, id: CVE-2020-9535

Trust: 3.0

db: JVNDB, id: JVNDB-2020-002381

Trust: 0.8

db: CNVD, id: CNVD-2020-15142

Trust: 0.6

db: CNNVD, id: CNNVD-202003-002

Trust: 0.6

sources: CNVD: CNVD-2020-15142 // JVNDB: JVNDB-2020-002381 // CNNVD: CNNVD-202003-002 // NVD: CVE-2020-9535

REFERENCES

url: https://github.com/ladinas/vulns_of_embedded_systems/blob/master/two%20stack%20overflows%20were%20found%20in%20dir-615jx10.0%20devices.pdf

Trust: 3.0

url: https://nvd.nist.gov/vuln/detail/cve-2020-9535

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9535

Trust: 0.8

sources: CNVD: CNVD-2020-15142 // JVNDB: JVNDB-2020-002381 // CNNVD: CNNVD-202003-002 // NVD: CVE-2020-9535

SOURCES

db: CNVD, id: CNVD-2020-15142
db: JVNDB, id: JVNDB-2020-002381
db: CNNVD, id: CNNVD-202003-002
db: NVD, id: CVE-2020-9535

LAST UPDATE DATE

2024-11-23T22:44:38.266000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-15142, date: 2020-03-03T00:00:00
db: JVNDB, id: JVNDB-2020-002381, date: 2020-03-13T00:00:00
db: CNNVD, id: CNNVD-202003-002, date: 2021-01-05T00:00:00
db: NVD, id: CVE-2020-9535, date: 2024-11-21T05:40:49.367

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-15142, date: 2020-03-03T00:00:00
db: JVNDB, id: JVNDB-2020-002381, date: 2020-03-13T00:00:00
db: CNNVD, id: CNNVD-202003-002, date: 2020-03-01T00:00:00
db: NVD, id: CVE-2020-9535, date: 2020-03-02T00:15:10.703