Vulnerability Description
Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dap-3662 Firmware | 1.01 |
| Dlink | Dap-3662 | - |
| Dlink | Dap-2310 Firmware | 2.06 |
| Dlink | Dap-2310 | - |
| Dlink | Dap-2330 Firmware | 1.06 |
| Dlink | Dap-2330 | - |
| Dlink | Dap-2360 Firmware | 2.06 |
| Dlink | Dap-2360 | - |
| Dlink | Dap-2553 Firmware | 3.05 |
| Dlink | Dap-2553 | - |
| Dlink | Dap-2660 Firmware | 1.11 |
| Dlink | Dap-2660 | - |
| Dlink | Dap-2690 Firmware | 3.15 |
| Dlink | Dap-2690 | - |
| Dlink | Dap-2695 Firmware | 1.16 |
| Dlink | Dap-2695 | - |
| Dlink | Dap-3320 Firmware | 1.00 |
| Dlink | Dap-3320 | - |
| Dlink | Dap-2230 Firmware | 1.02 |
| Dlink | Dap-2230 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-InjBroken LinkThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Feb/112Mailing ListThird Party Advisory
- http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016PatchVendor Advisory
- http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-InjBroken LinkThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Feb/112Mailing ListThird Party Advisory
- http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016PatchVendor Advisory
FAQ
What is CVE-2016-1558?
CVE-2016-1558 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, ...
How severe is CVE-2016-1558?
CVE-2016-1558 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-1558?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dap-3662 Firmware, Dlink Dap-3662, Dlink Dap-2310 Firmware, Dlink Dap-2310, Dlink Dap-2330 Firmware.