ID
VAR-200212-0881
TITLE
Multiple Linksys Device strcat() Remote Buffer Overflow Vulnerability
Trust: 0.6
DESCRIPTION
Linksys has developed a variety of broadband router devices, including BEFW11S4, BEFSRU31, etc., which includes a WEB management interface managed by HTTP. Multiple Linksys device management interfaces have problems handling the strcat() function. Remote attackers can exploit this vulnerability to perform denial of service attacks on devices and stop responding to normal communications. Since the strcat() function lacks the correct boundary buffer check for the input parameters, an attacker can exploit this vulnerability to send a malformed request to a Linksys device that has this vulnerability. When the device attempts to process malicious input, it can cause the memory information to be corrupted and the device to crash. Stop responding. This vulnerability can only be exploited when the device has UPnP (Universal Plug and Play) enabled.
Trust: 0.6
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | no | model: | - | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | Patch of multiple Linksys device strcat() remote buffer overflow vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/41838 | Trust: 0.6 |
EXTERNAL IDS
| db: | BID | id: | 63036303 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2013-15342 | Trust: 0.6 |
REFERENCES
| url: | http://marc.theaimsgroup.com/?l=bugtraq&m=103893609009727&w=2 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2013-15342 |
LAST UPDATE DATE
2022-05-17T02:09:33.744000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-15342 | date: | 2013-12-19T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-15342 | date: | 2002-12-03T00:00:00 |