Details of VAR-200408-0030

ID

VAR-200408-0030

CVE

CVE-2004-0661

TITLE

D-Link AirPlus DI-614 + and DI-604 DHCP Server Flood Attack Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2004-1818

DESCRIPTION

Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. D-Link AirPlus DI-614 + and DI-604 are SOHO broadband routers. D-Link AirPlus DI-614 + and DI-604 do not properly handle a large number of DHCP requests. Remote attackers can use this vulnerability to conduct denial of service attacks on devices. Sending a large number of legitimate DHCP requests can cause the device to consume a lot of memory and needs to be restarted for normal service. An attacker may be able to deny service to legitimate users of an affected device by repeatedly causing the device to reboot. The DI-614+ with firmware revision 2.30, and the DI-604 with unknown firmware were reported vulnerable. The DI-624 Revision B was also confirmed susceptible

Trust: 2.34

sources: NVD: CVE-2004-0661 // CNVD: CNVD-2004-1818 // CNVD: CNVD-2004-1817 // BID: 10621 // VULHUB: VHN-9091

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2004-1818 // CNVD: CNVD-2004-1817

AFFECTED PRODUCTS

vendor:	d link	model:	di-614\+	scope:	eq	version:	2.30	Trust: 1.6
vendor:	d link	model:	di-624	scope:	eq	version:	1.28	Trust: 1.6
vendor:	none	model:	-	scope:	-	version:	-	Trust: 1.2
vendor:	d link	model:	di-604	scope:	eq	version:	*	Trust: 1.0
vendor:	d link	model:	di-604	scope:	-	version:	-	Trust: 0.9
vendor:	d link	model:	di-624 soho router	scope:	eq	version:	1.28	Trust: 0.3
vendor:	d link	model:	di-614+	scope:	eq	version:	2.30	Trust: 0.3

sources: CNVD: CNVD-2004-1818 // CNVD: CNVD-2004-1817 // BID: 10621 // CNNVD: CNNVD-200408-110 // NVD: CVE-2004-0661

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0661
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200408-110
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-9091
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-0661
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9091
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9091 // CNNVD: CNNVD-200408-110 // NVD: CVE-2004-0661

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0661

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200408-110

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200408-110

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0661	Trust: 2.6
db:	BID	id:	10621	Trust: 2.6
db:	OSVDB	id:	7294	Trust: 1.7
db:	SECUNIA	id:	12018	Trust: 1.7
db:	XF	id:	16531	Trust: 1.2
db:	CNNVD	id:	CNNVD-200408-110	Trust: 0.7
db:	CNVD	id:	CNVD-2004-1818	Trust: 0.6
db:	CNCVE	id:	CNCVE-20040661	Trust: 0.6
db:	CNVD	id:	CNVD-2004-1817	Trust: 0.6
db:	BUGTRAQ	id:	20040629 RE: DLINK 614+ - SOHO ROUTERS, SYSTEM DOS	Trust: 0.6
db:	BUGTRAQ	id:	20040628 DLINK 614+ - SOHO ROUTERS, DHCP SERVICE DOS	Trust: 0.6
db:	VULHUB	id:	VHN-9091	Trust: 0.1

sources: CNVD: CNVD-2004-1818 // CNVD: CNVD-2004-1817 // VULHUB: VHN-9091 // BID: 10621 // CNNVD: CNNVD-200408-110 // NVD: CVE-2004-0661

REFERENCES

url:	http://www.securityfocus.com/bid/10621	Trust: 2.3
url:	http://www.securityfocus.com/archive/1/367485	Trust: 1.7
url:	http://www.osvdb.org/7294	Trust: 1.7
url:	http://secunia.com/advisories/12018	Trust: 1.7
url:	http://xforce.iss.net/xforce/xfdb/16531	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16531	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=108844250013785&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108844250013785&w=2	Trust: 0.6
url:	http://www.d-link.com/	Trust: 0.3
url:	/archive/1/367294	Trust: 0.3
url:	/archive/1/367485	Trust: 0.3
url:	/archive/1/367889	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=108844250013785&w=2	Trust: 0.1

sources: CNVD: CNVD-2004-1817 // VULHUB: VHN-9091 // BID: 10621 // CNNVD: CNNVD-200408-110 // NVD: CVE-2004-0661

CREDITS

Gregory Duchemin※ c3rb3r@hotmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200408-110

SOURCES

db:	CNVD	id:	CNVD-2004-1818
db:	CNVD	id:	CNVD-2004-1817
db:	VULHUB	id:	VHN-9091
db:	BID	id:	10621
db:	CNNVD	id:	CNNVD-200408-110
db:	NVD	id:	CVE-2004-0661

LAST UPDATE DATE

2024-08-14T14:42:21.210000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2004-1818	date:	2004-06-27T00:00:00
db:	CNVD	id:	CNVD-2004-1817	date:	2004-06-27T00:00:00
db:	VULHUB	id:	VHN-9091	date:	2017-07-11T00:00:00
db:	BID	id:	10621	date:	2009-07-12T05:16:00
db:	CNNVD	id:	CNNVD-200408-110	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0661	date:	2017-07-11T01:30:21.370

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2004-1818	date:	2004-06-27T00:00:00
db:	CNVD	id:	CNVD-2004-1817	date:	2004-06-27T00:00:00
db:	VULHUB	id:	VHN-9091	date:	2004-08-06T00:00:00
db:	BID	id:	10621	date:	2004-06-27T00:00:00
db:	CNNVD	id:	CNNVD-200408-110	date:	2004-06-27T00:00:00
db:	NVD	id:	CVE-2004-0661	date:	2004-08-06T04:00:00