Sign-up

ID

VAR-200706-0068


CVE

CVE-2007-0933


TITLE

D-Link DWL-G650 TIM Information Element Wireless Drive Beacon Remote Overflow Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2007-3843 // CNNVD: CNNVD-200706-054

DESCRIPTION

Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element. D-Link DWL-G650 is a widely used wireless network card. Patching plan: The vendor has not released any upgrade patches for the time being, please pay attention to the vendor address in time: http://www.dlink.com/products/?pid=358. The D-Link Wireless Device Driver for DWL-G650 devices is prone to a buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Exploiting this issue potentially allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions. D-Link DWL-G650 6.0.0.18 (Rev. A1) is reported vulnerable; other versions may also be affected

Trust: 3.15

sources: NVD: CVE-2007-0933 // JVNDB: JVNDB-2007-003380 // CNVD: CNVD-2007-3843 // CNVD: CNVD-2007-3824 // BID: 24438 // VULHUB: VHN-24295 // VULMON: CVE-2007-0933

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2007-3843 // CNVD: CNVD-2007-3824

AFFECTED PRODUCTS

vendor:nonemodel: - scope: - version: -

Trust: 1.2

vendor:microsoftmodel:windows xpscope:eqversion:*

Trust: 1.1

vendor:d linkmodel:dwl-g650+scope:eqversion:firmware 6.0.0.18

Trust: 0.8

vendor:microsoftmodel:windows xpscope:eqversion:sp3

Trust: 0.8

vendor:microsoftmodel:windows xpscope: - version: -

Trust: 0.6

vendor:d linkmodel:dwl-g650scope:eqversion:6.018

Trust: 0.3

sources: CNVD: CNVD-2007-3843 // CNVD: CNVD-2007-3824 // VULMON: CVE-2007-0933 // BID: 24438 // JVNDB: JVNDB-2007-003380 // CNNVD: CNNVD-200706-054 // NVD: CVE-2007-0933

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0933
value: HIGH

Trust: 1.0

NVD: CVE-2007-0933
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200706-054
value: HIGH

Trust: 0.6

VULHUB: VHN-24295
value: HIGH

Trust: 0.1

VULMON: CVE-2007-0933
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0933
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-24295
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-24295 // VULMON: CVE-2007-0933 // JVNDB: JVNDB-2007-003380 // CNNVD: CNNVD-200706-054 // NVD: CVE-2007-0933

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0933

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200706-054

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200706-054

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-003380

PATCH
title:Top Pageurl:http://www.dlink.com
Trust: 0.8
title:Windows XPurl:http://windows.microsoft.com/en-US/windows/products/windows-xp
Trust: 0.8
title:wifuzziturl:https://github.com/0xd012/wifuzzit 
Trust: 0.1
title:wifuzziturl:https://github.com/flowerhack/wifuzzit 
Trust: 0.1
title:wifuzziturl:https://github.com/84KaliPleXon3/wifuzzit 
Trust: 0.1
title:wifuzziturl:https://github.com/PleXone2019/wifuzzit 
Trust: 0.1
title:wifuzziturl:https://github.com/wi-fi-analyzer/wifuzzit 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2007-0933 // 
            
            
            
            JVNDB: JVNDB-2007-003380

EXTERNAL IDS
db:NVDid:CVE-2007-0933
Trust: 3.5
db:BIDid:24438
Trust: 2.7
db:SECUNIAid:25602
Trust: 2.4
db:OSVDBid:36160
Trust: 1.8
db:JVNDBid:JVNDB-2007-003380
Trust: 0.8
db:CNNVDid:CNNVD-200706-054
Trust: 0.7
db:CNVDid:CNVD-2007-3843
Trust: 0.6
db:CNCVEid:CNCVE-20070933
Trust: 0.6
db:CNVDid:CNVD-2007-3824
Trust: 0.6
db:VULHUBid:VHN-24295
Trust: 0.1
db:VULMONid:CVE-2007-0933
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2007-3843 // 
            
            
            
            CNVD: CNVD-2007-3824 // 
            
            
            
            VULHUB: VHN-24295 // 
            
            
            
            VULMON: CVE-2007-0933 // 
            
            
            
            BID: 24438 // 
            
            
            
            JVNDB: JVNDB-2007-003380 // 
            
            
            
            CNNVD: CNNVD-200706-054 // 
            
            
            
            NVD: CVE-2007-0933

REFERENCES
url:http://secunia.com/advisories/25602
Trust: 2.4
url:http://www.securityfocus.com/bid/24438
Trust: 2.4
url:http://www.blackhat.com/presentations/bh-europe-07/butti/presentation/bh-eu-07-butti.pdf
Trust: 2.1
url:http://osvdb.org/36160
Trust: 1.8
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34831
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0933
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0933
Trust: 0.8
url:http://www.dlink.com/products/?pid=11
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=13530
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2007-3824 // 
            
            
            
            VULHUB: VHN-24295 // 
            
            
            
            VULMON: CVE-2007-0933 // 
            
            
            
            BID: 24438 // 
            
            
            
            JVNDB: JVNDB-2007-003380 // 
            
            
            
            CNNVD: CNNVD-200706-054 // 
            
            
            
            NVD: CVE-2007-0933

CREDITS
Laurent Buttiā€» laurent.butti@orange-ftgroup.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200706-054

SOURCES
db:CNVDid:CNVD-2007-3843
db:CNVDid:CNVD-2007-3824
db:VULHUBid:VHN-24295
db:VULMONid:CVE-2007-0933
db:BIDid:24438
db:JVNDBid:JVNDB-2007-003380
db:CNNVDid:CNNVD-200706-054
db:NVDid:CVE-2007-0933

LAST UPDATE DATE
2024-08-14T15:09:31.816000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2007-3843date:2007-06-12T00:00:00
db:CNVDid:CNVD-2007-3824date:2007-06-12T00:00:00
db:VULHUBid:VHN-24295date:2017-07-29T00:00:00
db:VULMONid:CVE-2007-0933date:2017-07-29T00:00:00
db:BIDid:24438date:2007-06-13T04:39:00
db:JVNDBid:JVNDB-2007-003380date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200706-054date:2007-06-06T00:00:00
db:NVDid:CVE-2007-0933date:2017-07-29T01:30:30.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2007-3843date:2007-06-12T00:00:00
db:CNVDid:CNVD-2007-3824date:2007-06-12T00:00:00
db:VULHUBid:VHN-24295date:2007-06-05T00:00:00
db:VULMONid:CVE-2007-0933date:2007-06-05T00:00:00
db:BIDid:24438date:2007-06-12T00:00:00
db:JVNDBid:JVNDB-2007-003380date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200706-054date:2007-06-05T00:00:00
db:NVDid:CVE-2007-0933date:2007-06-05T21:30:00