CVE-2016-5681

Published: Aug 25, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.

Affected (11)

Products: Dlink: Dir 868l Firmware, Dir 822 Firmware · D Link: Dir 880l Firmware, Dir 850l Firmare, Dir 895l Firmware, Dir 817l(w) Firmware, Dir 818l(w) Firmware, Dir 890l Firmware, Dir 823 Firmware, Dir 885l Firmware

2 products

8 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 868l Firmware	Up to 2.03

Running on/with	Platform Versions
Dlink Dir 868l	Version b1

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 822 Firmware	Version 3.01

Running on/with	Platform Versions
Dlink Dir 822	Version a1

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dir 880l Firmware	Up to 1.07

Running on/with	Platform Versions
Dlink Dir 880l	Version a1

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dir 850l Firmare	Up to 2.07

Running on/with	Platform Versions
Dlink Dir 850l	Version b1

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dir 895l Firmware	Up to 1.11

Running on/with	Platform Versions
Dlink Dir 895l	Version a1

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dir 817l(w) Firmware	Up to jul.2016

Running on/with	Platform Versions
Dlink Dir 817l(w)	Version ax

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dir 818l(w) Firmware	Up to 2.05

Running on/with	Platform Versions
Dlink Dir 818l(w)	Version ax

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dir 890l Firmware	Up to 1.09

Running on/with	Platform Versions
Dlink Dir 890l	Version a1

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dir 823 Firmware	Up to 1.00

Running on/with	Platform Versions
Dlink Dir 823	Version a1

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dir 885l Firmware	Up to 1.11

Running on/with	Platform Versions
Dlink Dir 885l	Version a1

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 868l Firmware	Up to 3.00

Running on/with	Platform Versions
Dlink Dir 868l	Version c1

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063

Source: cret@cert.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/332115

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/92427

Source: cret@cert.org

Third Party AdvisoryVDB Entry

http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.kb.cert.org/vuls/id/332115

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/92427

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.