Details of VAR-200612-0174

ID

VAR-200612-0174

CVE

CVE-2006-6538

TITLE

D-LINK DWL-2000AP+ Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2006-001741

DESCRIPTION

D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link. Dwl-2000Ap%2B is prone to a denial-of-service vulnerability. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: D-LINK DWL-2000AP+ Denial of Service SECUNIA ADVISORY ID: SA23332 VERIFY ADVISORY: http://secunia.com/advisories/23332/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: D-Link DWL-2000AP+ http://secunia.com/product/12883/ DESCRIPTION: poplix has reported a vulnerability in D-LINK DWL-2000AP+, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the handling of ARP packets and can be exploited under certain circumstances to crash the device via ARP flooding attacks. The vulnerability is reported with firmware version 2.11. Other versions may also be affected. SOLUTION: Use another product. PROVIDED AND/OR DISCOVERED BY: poplix ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-6538 // JVNDB: JVNDB-2006-001741 // BID: 87282 // VULHUB: VHN-22646 // PACKETSTORM: 52976

AFFECTED PRODUCTS

vendor:	d link	model:	dwl-2000ap\+	scope:	eq	version:	2.11	Trust: 1.6
vendor:	d link	model:	dwl-2000ap+	scope:	eq	version:	firmware 2.11	Trust: 0.8
vendor:	d link	model:	dwl-2000ap%2b	scope:	eq	version:	2.11	Trust: 0.3

sources: BID: 87282 // JVNDB: JVNDB-2006-001741 // CNNVD: CNNVD-200612-290 // NVD: CVE-2006-6538

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-6538
value:	HIGH
Trust: 1.0
NVD:	CVE-2006-6538
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200612-290
value:	HIGH
Trust: 0.6
VULHUB:	VHN-22646
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-6538
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-22646
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-22646 // JVNDB: JVNDB-2006-001741 // CNNVD: CNNVD-200612-290 // NVD: CVE-2006-6538

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6538

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200612-290

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200612-290

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001741

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-22646

PATCH

title:

Top Page

url:

http://www.dlink.com/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001741

EXTERNAL IDS

db:	NVD	id:	CVE-2006-6538	Trust: 2.8
db:	EXPLOIT-DB	id:	2915	Trust: 2.0
db:	SREASON	id:	2029	Trust: 2.0
db:	SECUNIA	id:	23332	Trust: 1.8
db:	VUPEN	id:	ADV-2006-4965	Trust: 1.7
db:	XF	id:	30837	Trust: 0.9
db:	JVNDB	id:	JVNDB-2006-001741	Trust: 0.8
db:	CNNVD	id:	CNNVD-200612-290	Trust: 0.7
db:	BUGTRAQ	id:	20061211 D-LINK DWL-2000AP+ REMOTE DOS	Trust: 0.6
db:	MILW0RM	id:	2915	Trust: 0.6
db:	BID	id:	87282	Trust: 0.4
db:	VULHUB	id:	VHN-22646	Trust: 0.1
db:	PACKETSTORM	id:	52976	Trust: 0.1

sources: VULHUB: VHN-22646 // BID: 87282 // JVNDB: JVNDB-2006-001741 // PACKETSTORM: 52976 // CNNVD: CNNVD-200612-290 // NVD: CVE-2006-6538

REFERENCES

url:	http://tripp.dynalias.org/arpflood.c	Trust: 2.0
url:	http://securityreason.com/securityalert/2029	Trust: 2.0
url:	http://secunia.com/advisories/23332	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/454047/100/0/threaded	Trust: 1.1
url:	https://www.exploit-db.com/exploits/2915	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/4965	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/30837	Trust: 1.1
url:	http://milw0rm.com/exploits/2915	Trust: 0.9
url:	http://xforce.iss.net/xforce/xfdb/30837	Trust: 0.9
url:	http://www.securityfocus.com/archive/1/archive/1/454047/100/0/threaded	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6538	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6538	Trust: 0.8
url:	http://www.milw0rm.com/exploits/2915	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/4965	Trust: 0.6
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/advisories/23332/	Trust: 0.1
url:	http://secunia.com/product/12883/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-22646 // BID: 87282 // JVNDB: JVNDB-2006-001741 // PACKETSTORM: 52976 // CNNVD: CNNVD-200612-290 // NVD: CVE-2006-6538

CREDITS

Unknown

Trust: 0.3

sources: BID: 87282

SOURCES

db:	VULHUB	id:	VHN-22646
db:	BID	id:	87282
db:	JVNDB	id:	JVNDB-2006-001741
db:	PACKETSTORM	id:	52976
db:	CNNVD	id:	CNNVD-200612-290
db:	NVD	id:	CVE-2006-6538

LAST UPDATE DATE

2024-08-14T15:09:37.054000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-22646	date:	2018-10-17T00:00:00
db:	BID	id:	87282	date:	2006-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2006-001741	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200612-290	date:	2006-12-14T00:00:00
db:	NVD	id:	CVE-2006-6538	date:	2018-10-17T21:49:07.567

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-22646	date:	2006-12-14T00:00:00
db:	BID	id:	87282	date:	2006-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2006-001741	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	52976	date:	2006-12-14T09:45:41
db:	CNNVD	id:	CNNVD-200612-290	date:	2006-12-13T00:00:00
db:	NVD	id:	CVE-2006-6538	date:	2006-12-14T02:28:00