Details of VAR-200607-0199

ID

VAR-200607-0199

CVE

CVE-2006-3687

TITLE

Multiple D-Link routers fail to properly process UPnP M-SEARCH requests

Trust: 0.8

sources: CERT/CC: VU#971705

DESCRIPTION

Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. A buffer overflow vulnerability in the software that operates certain models of D-Link routers could allow a remote attacker to execute arbitrary code on the affected device. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment. If an attacker can send an M-SEARCH request with an excessively long parameter (about 800 bytes) to the LAN interface of the vulnerable D-Link device, it will trigger a stack overflow and cause reliable execution of arbitrary instructions. The attack does not affect network connectivity and shows no signs. In some cases, a soft restart of the device may be required, resulting in a temporary loss of connectivity. D-Link wired and wireless routers are prone to a buffer-overflow vulnerability because these devices fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment

Trust: 3.24

sources: NVD: CVE-2006-3687 // CERT/CC: VU#971705 // JVNDB: JVNDB-2006-002812 // CNVD: CNVD-2006-5380 // BID: 19006 // VULHUB: VHN-19795

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2006-5380

AFFECTED PRODUCTS

vendor:	d link	model:	di-524	scope:	-	version:	-	Trust: 1.4
vendor:	d link	model:	di-624	scope:	-	version:	-	Trust: 1.4
vendor:	d link	model:	di-784	scope:	-	version:	-	Trust: 1.4
vendor:	d link	model:	ebr-2310 ethernet broadband router	scope:	-	version:	-	Trust: 1.4
vendor:	d link	model:	wbr-1310 wireless g router	scope:	-	version:	-	Trust: 1.4
vendor:	d link	model:	wbr-2310 rangebooster g router	scope:	-	version:	-	Trust: 1.4
vendor:	d link	model:	ebr-2310 ethernet broadband router	scope:	eq	version:	*	Trust: 1.0
vendor:	dlink	model:	di-624	scope:	eq	version:	*	Trust: 1.0
vendor:	d link	model:	di-604 broadband router	scope:	eq	version:	*	Trust: 1.0
vendor:	d link	model:	wbr-1310 wireless g router	scope:	eq	version:	*	Trust: 1.0
vendor:	d link	model:	di-784	scope:	eq	version:	*	Trust: 1.0
vendor:	dlink	model:	di-524	scope:	eq	version:	*	Trust: 1.0
vendor:	d link	model:	wbr-2310 rangebooster g router	scope:	eq	version:	*	Trust: 1.0
vendor:	d link	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	di-604	scope:	-	version:	-	Trust: 0.8
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	di-604 broadband router	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	wbr-2310 rev a	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	wbr-1310 rev a	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	ebr-2310 rev a	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	di-784 rev a	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	di-624 rev d	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	di-624 rev c	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	di-604 rev e	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	di-524 rev d	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	di-524 rev c	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	di-524 rev b2	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	di-524 rev b1	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	di-524 rev a	scope:	-	version:	-	Trust: 0.3

sources: CERT/CC: VU#971705 // CNVD: CNVD-2006-5380 // BID: 19006 // JVNDB: JVNDB-2006-002812 // CNNVD: CNNVD-200607-297 // NVD: CVE-2006-3687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-3687
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#971705
value:	0.14
Trust: 0.8
NVD:	CVE-2006-3687
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200607-297
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-19795
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-3687
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-19795
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#971705 // VULHUB: VHN-19795 // JVNDB: JVNDB-2006-002812 // CNNVD: CNNVD-200607-297 // NVD: CVE-2006-3687

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3687

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200607-297

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200607-297

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002812

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-19795

PATCH

title:

Top Page

url:

http://www.dlink.com

Trust: 0.8

sources: JVNDB: JVNDB-2006-002812

EXTERNAL IDS

db:	CERT/CC	id:	VU#971705	Trust: 3.3
db:	NVD	id:	CVE-2006-3687	Trust: 3.1
db:	SECUNIA	id:	21081	Trust: 2.5
db:	BID	id:	19006	Trust: 2.0
db:	VUPEN	id:	ADV-2006-2829	Trust: 1.7
db:	SECTRACK	id:	1016511	Trust: 1.7
db:	OSVDB	id:	27333	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-002812	Trust: 0.8
db:	CNNVD	id:	CNNVD-200607-297	Trust: 0.7
db:	CNVD	id:	CNVD-2006-5380	Trust: 0.6
db:	SEEBUG	id:	SSVID-81807	Trust: 0.1
db:	EXPLOIT-DB	id:	28230	Trust: 0.1
db:	VULHUB	id:	VHN-19795	Trust: 0.1

sources: CERT/CC: VU#971705 // CNVD: CNVD-2006-5380 // VULHUB: VHN-19795 // BID: 19006 // JVNDB: JVNDB-2006-002812 // CNNVD: CNNVD-200607-297 // NVD: CVE-2006-3687

REFERENCES

url:	http://www.eeye.com/html/research/advisories/ad20060714.html	Trust: 2.8
url:	http://www.kb.cert.org/vuls/id/971705	Trust: 2.5
url:	http://www.securityfocus.com/bid/19006	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/440298/100/0/threaded	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/440852/100/100/threaded	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html	Trust: 1.7
url:	http://www.osvdb.org/27333	Trust: 1.7
url:	http://securitytracker.com/id?1016511	Trust: 1.7
url:	http://secunia.com/advisories/21081	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/2829	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/27755	Trust: 1.7
url:	http://secunia.com/advisories/21081/	Trust: 0.8
url:	http://support.dlink.com/products/view.asp?productid=di%2d524	Trust: 0.8
url:	http://support.dlink.com/	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3687	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3687	Trust: 0.8
url:	http://www.dlink.com/	Trust: 0.3
url:	/archive/1/440298	Trust: 0.3
url:	/archive/1/440852	Trust: 0.3

sources: CERT/CC: VU#971705 // VULHUB: VHN-19795 // BID: 19006 // JVNDB: JVNDB-2006-002812 // CNNVD: CNNVD-200607-297 // NVD: CVE-2006-3687

CREDITS

Barnaby Jack

Trust: 0.6

sources: CNNVD: CNNVD-200607-297

SOURCES

db:	CERT/CC	id:	VU#971705
db:	CNVD	id:	CNVD-2006-5380
db:	VULHUB	id:	VHN-19795
db:	BID	id:	19006
db:	JVNDB	id:	JVNDB-2006-002812
db:	CNNVD	id:	CNNVD-200607-297
db:	NVD	id:	CVE-2006-3687

LAST UPDATE DATE

2024-08-14T14:42:02.983000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#971705	date:	2007-01-23T00:00:00
db:	CNVD	id:	CNVD-2006-5380	date:	2006-07-17T00:00:00
db:	VULHUB	id:	VHN-19795	date:	2018-10-18T00:00:00
db:	BID	id:	19006	date:	2006-07-24T18:02:00
db:	JVNDB	id:	JVNDB-2006-002812	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200607-297	date:	2023-04-27T00:00:00
db:	NVD	id:	CVE-2006-3687	date:	2023-04-26T18:55:30.893

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#971705	date:	2006-08-03T00:00:00
db:	CNVD	id:	CNVD-2006-5380	date:	2006-07-17T00:00:00
db:	VULHUB	id:	VHN-19795	date:	2006-07-21T00:00:00
db:	BID	id:	19006	date:	2006-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2006-002812	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200607-297	date:	2006-07-21T00:00:00
db:	NVD	id:	CVE-2006-3687	date:	2006-07-21T14:03:00