ID

VAR-202002-1403


CVE

CVE-2020-8962


TITLE

D-Link DIR-842 REVC Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-001981

DESCRIPTION

A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint. D-Link DIR-842 REVC is vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-842 REVC is a wireless router from Taiwan D-Link Corporation. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.25

sources: NVD: CVE-2020-8962 // JVNDB: JVNDB-2020-001981 // CNVD: CNVD-2020-10497 // VULMON: CVE-2020-8962

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-10497

AFFECTED PRODUCTS

vendor: dlink, model: dir-842, scope: eq, version: 3.13b09

Trust: 1.0

vendor: d link, model: dir-842, scope: eq, version: 3.13b09

Trust: 0.8

vendor: dlink, model: d-link dir-842 revc v3.13b09 hotfix, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-10497 // JVNDB: JVNDB-2020-001981 // NVD: CVE-2020-8962

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8962
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-001981
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-10497
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-752
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-8962
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-8962
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-001981
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-10497
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-8962
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-001981
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-10497 // VULMON: CVE-2020-8962 // JVNDB: JVNDB-2020-001981 // CNNVD: CNNVD-202002-752 // NVD: CVE-2020-8962

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2020-001981 // NVD: CVE-2020-8962

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-752

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202002-752

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001981

PATCH

title: Top Page, url: https://www.dlink.com/

Trust: 0.8

title: Patch for D-Link DIR-842 REVC Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/201925

Trust: 0.6

title: D-Link DIR-842 REVC Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110001

Trust: 0.6

sources: CNVD: CNVD-2020-10497 // JVNDB: JVNDB-2020-001981 // CNNVD: CNNVD-202002-752

EXTERNAL IDS

db: NVD, id: CVE-2020-8962

Trust: 3.1

db: JVNDB, id: JVNDB-2020-001981

Trust: 0.8

db: CNVD, id: CNVD-2020-10497

Trust: 0.6

db: CNNVD, id: CNNVD-202002-752

Trust: 0.6

db: VULMON, id: CVE-2020-8962

Trust: 0.1

sources: CNVD: CNVD-2020-10497 // VULMON: CVE-2020-8962 // JVNDB: JVNDB-2020-001981 // CNNVD: CNNVD-202002-752 // NVD: CVE-2020-8962

REFERENCES

url:https://ctrsec.io/index.php/2020/02/12/cve-2020-8962-d-link-dir-842-stack-based-buffer-overflow/

Trust: 3.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8962

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-8962

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/176225

Trust: 0.1

sources: CNVD: CNVD-2020-10497 // VULMON: CVE-2020-8962 // JVNDB: JVNDB-2020-001981 // CNNVD: CNNVD-202002-752 // NVD: CVE-2020-8962

SOURCES

db: CNVD, id: CNVD-2020-10497
db: VULMON, id: CVE-2020-8962
db: JVNDB, id: JVNDB-2020-001981
db: CNNVD, id: CNNVD-202002-752
db: NVD, id: CVE-2020-8962

LAST UPDATE DATE

2024-11-23T21:36:05.015000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-10497, date: 2020-02-19T00:00:00
db: VULMON, id: CVE-2020-8962, date: 2020-02-18T00:00:00
db: JVNDB, id: JVNDB-2020-001981, date: 2020-03-02T00:00:00
db: CNNVD, id: CNNVD-202002-752, date: 2021-01-04T00:00:00
db: NVD, id: CVE-2020-8962, date: 2024-11-21T05:39:45.070

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-10497, date: 2020-02-19T00:00:00
db: VULMON, id: CVE-2020-8962, date: 2020-02-13T00:00:00
db: JVNDB, id: JVNDB-2020-001981, date: 2020-03-02T00:00:00
db: CNNVD, id: CNNVD-202002-752, date: 2020-02-13T00:00:00
db: NVD, id: CVE-2020-8962, date: 2020-02-13T05:15:11.213