{"vuid":"VU#332115","idnumber":"332115","name":"D-Link routers contain buffer overflow vulnerability","keywords":["dlink","router","stack buffer overflow","CWE-121"],"overview":"D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attack to execute arbitrary code.","clean_desc":"CWE-121: Stack-based Buffer Overflow - CVE-2016-5681 A stack-based buffer overflow occurs in the function within the cgibin binary which validates the session cookie. This function is used by a service which is exposed to the WAN network on port 8181 by default. CVE-2016-5681  has been confirmed to affect: DIR-850L B1\nDIR-822 A1\nDIR-823 A1\nDIR-895L A1\nDIR-890L A1\nDIR-885L A1\nDIR-880L A1\nDIR-868L B1\nDIR-868L C1\nDIR-817L(W)\nDIR-818L(W)","impact":"This  function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on if the use case is local or remote.","resolution":"Apply Updates D-Link has provided firmware updates for the affected devices. Please see their public advisory  for links to the updated firmware.","workarounds":"Restrict Access As a general good security practice, only allow connections from trusted hosts and networks","sysaffected":"","thanks":"Thanks to Daniel Romero\n @daniel_rome (NCC Group)  for reporting this vulnerability.","author":"This document was written by Trent Novelly.","public":["https://cwe.mitre.org/data/definitions/121.html","http://support.dlink.com/","http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063"],"cveids":["CVE-2016-5681"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2016-08-05T19:39:43Z","publicdate":"2016-08-11T00:00:00Z","datefirstpublished":"2016-08-11T17:49:56Z","dateupdated":"2016-08-12T19:04:37Z","revision":17,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9.3","cvss_basevector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","cvss_temporalscore":"8.4","cvss_environmentalscore":"6.299215776","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}