[Japanese]
|
JVNDB-2011-000092
|
Multiple D-Link products vulnerable to buffer overflow
|
Multiple D-Link products contain a buffer overflow vulnerability.
Multiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue.
Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 10.0 (High) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Complete
|
|
D-Link Systems, Inc.
- DES-3800 series firmware prior to R4.50B052
- DWL-2100AP firmware prior to 2.50RC548
- DWL-3200AP firmware prior to 2.55RC549
|
|
A remote attacker may cause a denial of service (DoS) or execute arbitrary code.
|
[Update the Firmware]
Update to the latest version of firmware according to the information provided by the developer.
[Apply a workaround]
The following workaround may mitigate the affects of this vulnerability.
* Disable the SSH function
|
D-Link Systems, Inc.
|
- Buffer Errors(CWE-119) [IPA Evaluation]
|
- CVE-2011-3992
|
- JVN : JVN#72640744
- National Vulnerability Database (NVD) : CVE-2011-3992
- IPA SECURITY ALERTS : Security Alert for Vulnerability in Multiple D-Link Products
|
- [2011/10/28]
Web page published
|