Details of VAR-200303-0125

ID

VAR-200303-0125

TITLE

D-Link DI-614+ IP Fragment Reassembly Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-0862

DESCRIPTION

The D-Link DI-614+ is a wireless router made by D-LINK. The D-Link DI-614+ wireless router does not handle the special fragmented IP packets incorrectly. A remote attacker can exploit this vulnerability to reset the router and cause a denial of service. An attacker sends a fragmented packet with a malicious size parameter to the affected device, causing the device to reboot and fail to handle normal communication. It has been reported that the implementation of the Internet Protocol (IP) in the firmware of the D-Link DI-614+ wireless router is vulnerable to a remotely exploitable denial of service condition. There is existing source code that exploits similar, older vulnerabilities that can be used to successfully exploit this vulnerability. When exploited, the device will reboot instantly. This will result in a denial of service until the device has restarted

Trust: 0.81

sources: CNVD: CNVD-2003-0862 // BID: 7219

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-0862

AFFECTED PRODUCTS

vendor:	d link	model:	airplus di-614+ 2.20cm	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	di-614+	scope:	eq	version:	2.0	Trust: 0.3

sources: CNVD: CNVD-2003-0862 // BID: 7219

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-0862
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2003-0862
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-0862

THREAT TYPE

network

Trust: 0.3

sources: BID: 7219

TYPE

Design Error

Trust: 0.3

sources: BID: 7219

EXTERNAL IDS

db:	BID	id:	7219	Trust: 0.9
db:	CNVD	id:	CNVD-2003-0862	Trust: 0.6

sources: CNVD: CNVD-2003-0862 // BID: 7219

REFERENCES

url:	http://marc.theaimsgroup.com/?l=bugtraq&m=104880976126011&w=2	Trust: 0.6
url:	/archive/1/316584	Trust: 0.3

sources: CNVD: CNVD-2003-0862 // BID: 7219

CREDITS

Announced by Thomas Reinke <reinke@e-softinc.com>.

Trust: 0.3

sources: BID: 7219

SOURCES

db:	CNVD	id:	CNVD-2003-0862
db:	BID	id:	7219

LAST UPDATE DATE

2022-05-17T02:09:33.586000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-0862	date:	2003-03-27T00:00:00
db:	BID	id:	7219	date:	2003-03-27T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-0862	date:	2003-03-27T00:00:00
db:	BID	id:	7219	date:	2003-03-27T00:00:00