Sign-up

ID

VAR-200602-0268


CVE

CVE-2006-0784


TITLE

D-Link DWL-G700AP httpd Remote Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2006-0922 // CNNVD: CNNVD-200602-294

DESCRIPTION

D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments. D-Link DWL-G700AP is a wireless access router.  D-Link DWL-G700AP's HTTP management interface implementation has a vulnerability. A remote attacker could use this vulnerability to cause the HTTP server to become unresponsive.  If you want to configure DWL-G700AP, you must go through the http service, and this service is managed by httpd named CAMEO. A denial of service vulnerability exists in this webserver. An attacker just sending a "GET \ n \ n" string can cause the service to crash. D-Link DWL-G700AP HTTPD is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the 'httpd' service to properly handle malformed data. An attacker can exploit this issue to crash the affected webserver, effectively denying service to legitimate users. The affected device must be manually reset to restart the affected service. This issue is reported to affect firmware versions 2.00 and 2.01; other firmware versions may also be vulnerable. TITLE: DWL-G700AP Web Interface Denial of Service SECUNIA ADVISORY ID: SA18932 VERIFY ADVISORY: http://secunia.com/advisories/18932/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: D-Link DWL-G700AP http://secunia.com/product/8121/ DESCRIPTION: l0om has reported a vulnerability in D-Link DWL-G700AP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the web-based management interface and can be exploited to crash the service via a malformed HTTP request with no resource specified. SOLUTION: Restrict access to the web interface. PROVIDED AND/OR DISCOVERED BY: l0om ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.89

sources: NVD: CVE-2006-0784 // CNVD: CNVD-2006-0922 // BID: 16690 // VULHUB: VHN-16892 // PACKETSTORM: 43950

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-0922

AFFECTED PRODUCTS

vendor:d linkmodel:dwl-g700apscope:eqversion:2.01

Trust: 1.9

vendor:d linkmodel:dwl-g700apscope:eqversion:2.00

Trust: 1.9

vendor:nonemodel: - scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2006-0922 // BID: 16690 // CNNVD: CNNVD-200602-294 // NVD: CVE-2006-0784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0784
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200602-294
value: MEDIUM

Trust: 0.6

VULHUB: VHN-16892
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-0784
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-16892
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16892 // CNNVD: CNNVD-200602-294 // NVD: CVE-2006-0784

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200602-294

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200602-294

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-16892

EXTERNAL IDS
db:NVDid:CVE-2006-0784
Trust: 2.3
db:BIDid:16690
Trust: 2.0
db:SECUNIAid:18932
Trust: 1.8
db:SREASONid:441
Trust: 1.7
db:VUPENid:ADV-2006-0637
Trust: 1.7
db:CNNVDid:CNNVD-200602-294
Trust: 0.7
db:CNVDid:CNVD-2006-0922
Trust: 0.6
db:XFid:24762
Trust: 0.6
db:BUGTRAQid:20060216 D-LINK DWL-G700AP HTTPD DOS
Trust: 0.6
db:SEEBUGid:SSVID-80858
Trust: 0.1
db:EXPLOIT-DBid:27241
Trust: 0.1
db:VULHUBid:VHN-16892
Trust: 0.1
db:PACKETSTORMid:43950
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2006-0922 // 
            
            
            
            VULHUB: VHN-16892 // 
            
            
            
            BID: 16690 // 
            
            
            
            PACKETSTORM: 43950 // 
            
            
            
            CNNVD: CNNVD-200602-294 // 
            
            
            
            NVD: CVE-2006-0784

REFERENCES
url:http://www.securityfocus.com/bid/16690
Trust: 1.7
url:http://secunia.com/advisories/18932
Trust: 1.7
url:http://securityreason.com/securityalert/441
Trust: 1.7
url:http://www.securityfocus.com/archive/1/425169/100/0/threaded
Trust: 1.1
url:http://www.vupen.com/english/advisories/2006/0637
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24762
Trust: 1.1
url:http://www.securityfocus.com/archive/1/archive/1/425169/100/0/threaded
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/24762
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/0637
Trust: 0.6
url:http://www.dlink.com/products/?pid=326
Trust: 0.3
url:http://www.d-link.com/
Trust: 0.3
url:/archive/1/425169
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/8121/
Trust: 0.1
url:http://secunia.com/advisories/18932/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-16892 // 
            
            
            
            BID: 16690 // 
            
            
            
            PACKETSTORM: 43950 // 
            
            
            
            CNNVD: CNNVD-200602-294 // 
            
            
            
            NVD: CVE-2006-0784

CREDITS
l0om l0om@excluded.org
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200602-294

SOURCES
db:CNVDid:CNVD-2006-0922
db:VULHUBid:VHN-16892
db:BIDid:16690
db:PACKETSTORMid:43950
db:CNNVDid:CNNVD-200602-294
db:NVDid:CVE-2006-0784

LAST UPDATE DATE
2024-08-14T14:22:46.776000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2006-0922date:2006-02-16T00:00:00
db:VULHUBid:VHN-16892date:2018-10-18T00:00:00
db:BIDid:16690date:2006-02-17T02:42:00
db:CNNVDid:CNNVD-200602-294date:2006-02-20T00:00:00
db:NVDid:CVE-2006-0784date:2018-10-18T16:29:04.320

SOURCES RELEASE DATE
db:CNVDid:CNVD-2006-0922date:2006-02-16T00:00:00
db:VULHUBid:VHN-16892date:2006-02-19T00:00:00
db:BIDid:16690date:2006-02-16T00:00:00
db:PACKETSTORMid:43950date:2006-02-17T23:46:33
db:CNNVDid:CNNVD-200602-294date:2006-02-19T00:00:00
db:NVDid:CVE-2006-0784date:2006-02-19T11:02:00