CVE-2016-1558

Published: Apr 21, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie.

Affected (10)

Products: Dlink: Dap 3662 Firmware, Dap 2310 Firmware, Dap 2330 Firmware, Dap 2360 Firmware, Dap 2553 Firmware, Dap 2660 Firmware, Dap 2690 Firmware, Dap 2695 Firmware, Dap 3320 Firmware, Dap 2230 Firmware

10 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 3662 Firmware	Version 1.01

Running on/with	Platform Versions
Dlink Dap 3662	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2310 Firmware	Version 2.06

Running on/with	Platform Versions
Dlink Dap 2310	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2330 Firmware	Version 1.06

Running on/with	Platform Versions
Dlink Dap 2330	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2360 Firmware	Version 2.06

Running on/with	Platform Versions
Dlink Dap 2360	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2553 Firmware	Version 3.05

Running on/with	Platform Versions
Dlink Dap 2553	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2660 Firmware	Version 1.11

Running on/with	Platform Versions
Dlink Dap 2660	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2690 Firmware	Version 3.15

Running on/with	Platform Versions
Dlink Dap 2690	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2695 Firmware	Version 1.16

Running on/with	Platform Versions
Dlink Dap 2695	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 3320 Firmware	Version 1.00

Running on/with	Platform Versions
Dlink Dap 3320	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 2230 Firmware	Version 1.02

Running on/with	Platform Versions
Dlink Dap 2230	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html

Source: cret@cert.org

Broken LinkThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2016/Feb/112

Source: cret@cert.org

Mailing ListThird Party Advisory

http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559

Source: cret@cert.org

PatchVendor Advisory

http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2016/Feb/112

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.