ID

VAR-201712-0130


CVE

CVE-2017-3193


TITLE

D-Link routers HNAP service contains stack-based buffer overflow

Trust: 0.8

sources: CERT/CC: VU#677427

DESCRIPTION

Multiple D-Link devices, including the DIR-850L with firmware versions 1.14B07 and 2.07.B05, contain a stack-based buffer overflow vulnerability in the HNAP service of the web administration interface. D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action. Other models may also be affected. Stack-based buffer overflow (CWE-121) - CVE-2017-3193: a third party with access to the product can send a POST request with crafted HNAP_AUTH and SOAPAction headers to http://[router IP address]/HNAP1/ to cause a buffer overflow, making it possible to execute arbitrary code with root privileges. By default, remote management is disabled, so attacks are limited to the LAN-side interface. The D-Link DIR-850L is a wireless router from D-Link. An attacker could exploit the vulnerability to execute arbitrary code in the context of an affected device, causing a denial of service. Multiple D-Link routers are prone to a stack-based buffer-overflow vulnerability. Failed exploit attempts will likely cause a denial-of-service condition.

Trust: 3.96

sources: NVD: CVE-2017-3193 // CERT/CC: VU#677427 // CERT/CC: VU#305448 // JVNDB: JVNDB-2017-001662 // CNVD: CNVD-2017-02627 // BID: 96747 // VULHUB: VHN-111396

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-02627

AFFECTED PRODUCTS

vendor: d link, model: -, scope: -, version: -

Trust: 1.6

vendor: dlink, model: dir-850l, scope: eq, version: 2.07.b05

Trust: 1.0

vendor: dlink, model: dir-850l, scope: eq, version: 1.14b07

Trust: 1.0

vendor: d link, model: dir-850l 1.14b07, scope: -, version: -

Trust: 0.9

vendor: d link, model: dir-850l 2.07.b05, scope: -, version: -

Trust: 0.9

vendor: d link, model: dir-850l, scope: eq, version: version 1.14b07

Trust: 0.8

vendor: d link, model: dir-850l, scope: eq, version: version 2.07.b05

Trust: 0.8

vendor: d link, model: dir-850l, scope: eq, version: 1.14b07

Trust: 0.6

vendor: d link, model: dir-850l, scope: eq, version: 2.07.b05

Trust: 0.6

vendor: d link, model: dir-850l 2.07b05 h1ke beta1, scope: ne, version: -

Trust: 0.3

vendor: d link, model: dir-850l 1.14b07 h2ab beta1, scope: ne, version: -

Trust: 0.3

sources: CERT/CC: VU#677427 // CERT/CC: VU#305448 // CNVD: CNVD-2017-02627 // BID: 96747 // JVNDB: JVNDB-2017-001662 // CNNVD: CNNVD-201703-416 // NVD: CVE-2017-3193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3193
value: HIGH

Trust: 1.0

NVD: CVE-2016-6563
value: HIGH

Trust: 0.8

NVD: CVE-2017-3193
value: HIGH

Trust: 0.8

IPA: JVNDB-2017-001662
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-02627
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201703-416
value: HIGH

Trust: 0.6

VULHUB: VHN-111396
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-3193
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2016-6563
severity: HIGH
baseScore: 9.3
vectorString: NONE
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2017-3193
severity: HIGH
baseScore: 8.3
vectorString: NONE
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2017-001662
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-02627
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111396
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3193
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2017-001662
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CERT/CC: VU#677427 // CERT/CC: VU#305448 // CNVD: CNVD-2017-02627 // VULHUB: VHN-111396 // JVNDB: JVNDB-2017-001662 // CNNVD: CNNVD-201703-416 // NVD: CVE-2017-3193

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.8

problemtype:CWE-119

Trust: 1.1

sources: VULHUB: VHN-111396 // JVNDB: JVNDB-2017-001662 // NVD: CVE-2017-3193

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201703-416

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201703-416

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001662

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#677427 // CERT/CC: VU#305448

PATCH

title: D-Link Technical Support - DIR-850L Downloads
url: http://support.dlink.com/ProductInfo.aspx?m=DIR-850L

Trust: 0.8

title: DIR-850L Firmware Patch Notes (FW1.14.B07)
url: ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-850L/REVA/DIR-850L_REVA_FIRMWAREPATCHNOTES_1.14.B07_EN.pdf

Trust: 0.8

title: DIR-850L Firmware Patch Notes (FW2.07.B05)
url: ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-850L/REVB/DIR-850L_REVB_FIRMWAREPATCHNOTES_2.07B05_EN.pdf

Trust: 0.8

title: Patches for multiple D-Link product stack buffer overflow vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/90393

Trust: 0.6

title: D-Link DIR-850L Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67829

Trust: 0.6

sources: CNVD: CNVD-2017-02627 // JVNDB: JVNDB-2017-001662 // CNNVD: CNNVD-201703-416

EXTERNAL IDS

db: CERT/CC, id: VU#305448

Trust: 3.6

db: NVD, id: CVE-2017-3193

Trust: 3.4

db: BID, id: 96747

Trust: 2.6

db: CERT/CC, id: VU#677427

Trust: 1.6

db: DLINK, id: SAP10066

Trust: 0.8

db: JVN, id: JVNVU98628696

Trust: 0.8

db: JVN, id: JVNVU99822187

Trust: 0.8

db: JVNDB, id: JVNDB-2017-001662

Trust: 0.8

db: CNNVD, id: CNNVD-201703-416

Trust: 0.7

db: CNVD, id: CNVD-2017-02627

Trust: 0.6

db: SEEBUG, id: SSVID-92825

Trust: 0.1

db: VULHUB, id: VHN-111396

Trust: 0.1

sources: CERT/CC: VU#677427 // CERT/CC: VU#305448 // CNVD: CNVD-2017-02627 // VULHUB: VHN-111396 // BID: 96747 // JVNDB: JVNDB-2017-001662 // CNNVD: CNNVD-201703-416 // NVD: CVE-2017-3193

REFERENCES

url:https://www.kb.cert.org/vuls/id/305448

Trust: 2.8

url:http://www.securityfocus.com/bid/96747

Trust: 2.3

url:https://tools.cisco.com/security/center/viewalert.x?alertid=52967

Trust: 1.7

url:https://twitter.com/nccgroupinfosec/status/845269159277723649

Trust: 1.7

url:https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=technical+advisories

Trust: 1.7

url:https://cwe.mitre.org/data/definitions/121.html

Trust: 1.6

url:http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10066

Trust: 0.8

url:https://raw.githubusercontent.com/pedrib/poc/master/advisories/dlink-hnap-login.txt

Trust: 0.8

url:http://support.dlink.com/productinfo.aspx?m=dir-850l

Trust: 0.8

url:https://www.kb.cert.org/vuls/id/677427

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3193

Trust: 0.8

url:http://jvn.jp/vu/jvnvu98628696/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99822187/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3193

Trust: 0.8

url:http://www.dlink.com/

Trust: 0.3

sources: CERT/CC: VU#677427 // CERT/CC: VU#305448 // CNVD: CNVD-2017-02627 // VULHUB: VHN-111396 // BID: 96747 // JVNDB: JVNDB-2017-001662 // CNNVD: CNNVD-201703-416 // NVD: CVE-2017-3193

CREDITS

Sergi Martinez for NCC Group.

Trust: 0.9

sources: BID: 96747 // CNNVD: CNNVD-201703-416

SOURCES

db: CERT/CC, id: VU#677427
db: CERT/CC, id: VU#305448
db: CNVD, id: CNVD-2017-02627
db: VULHUB, id: VHN-111396
db: BID, id: 96747
db: JVNDB, id: JVNDB-2017-001662
db: CNNVD, id: CNNVD-201703-416
db: NVD, id: CVE-2017-3193

LAST UPDATE DATE

2024-11-23T23:12:06.347000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#677427, date: 2017-03-08T00:00:00
db: CERT/CC, id: VU#305448, date: 2017-03-08T00:00:00
db: CNVD, id: CNVD-2017-02627, date: 2017-03-12T00:00:00
db: VULHUB, id: VHN-111396, date: 2019-10-09T00:00:00
db: BID, id: 96747, date: 2017-03-16T02:00:00
db: JVNDB, id: JVNDB-2017-001662, date: 2018-03-14T00:00:00
db: CNNVD, id: CNNVD-201703-416, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-3193, date: 2024-11-21T03:25:00.347

SOURCES RELEASE DATE

db: CERT/CC, id: VU#677427, date: 2016-11-07T00:00:00
db: CERT/CC, id: VU#305448, date: 2017-03-08T00:00:00
db: CNVD, id: CNVD-2017-02627, date: 2017-03-12T00:00:00
db: VULHUB, id: VHN-111396, date: 2017-12-16T00:00:00
db: BID, id: 96747, date: 2017-03-08T00:00:00
db: JVNDB, id: JVNDB-2017-001662, date: 2017-03-13T00:00:00
db: CNNVD, id: CNNVD-201703-416, date: 2017-03-10T00:00:00
db: NVD, id: CVE-2017-3193, date: 2017-12-16T02:29:10.417