cvelistv5 - cve-2011-3992

CVE-2011-3992 (GCVE-0-2011-3992)

Vulnerability from cvelistv5 – Published: 2011-11-03 17:00 – Updated: 2024-08-06 23:53

Summary

Severity ?

No CVSS data available.

CWE

Assigner

jpcert

References

URL

Tags

	http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092	third-party-advisoryx_refsource_JVNDB
	http://osvdb.org/76628	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/50405	vdb-entryx_refsource_BID
	http://jvn.jp/en/jp/JVN72640744/index.html	third-party-advisoryx_refsource_JVN
	http://www.dlink-jp.com/page/sc/F/security_info20…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2011-000092",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"
          },
          {
            "name": "76628",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/76628"
          },
          {
            "name": "50405",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50405"
          },
          {
            "name": "JVN#72640744",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-27T10:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVNDB-2011-000092",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"
        },
        {
          "name": "76628",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/76628"
        },
        {
          "name": "50405",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50405"
        },
        {
          "name": "JVN#72640744",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2011-3992",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2011-000092",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"
            },
            {
              "name": "76628",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/76628"
            },
            {
              "name": "50405",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50405"
            },
            {
              "name": "JVN#72640744",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
            },
            {
              "name": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html",
              "refsource": "CONFIRM",
              "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2011-3992",
    "datePublished": "2011-11-03T17:00:00",
    "dateReserved": "2011-10-05T00:00:00",
    "dateUpdated": "2024-08-06T23:53:32.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:dlink:des-3800:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFFA8FFC-3CCD-47C1-8B6B-7071A283D5A0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:des-3800_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.50\", \"matchCriteriaId\": \"41386104-F07D-4EB6-ABC2-02F3A578BE2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:des-3800_firmware:4.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06B0C1F9-4A48-4CA6-9209-688E0D1D5353\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:dlink:dwl-2100ap:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CF115B9-732C-4E3F-8CDF-485586B9B3E3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlink:dwl-2100ap_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.50\", \"matchCriteriaId\": \"705CD51A-C49B-4B93-A5EB-9BE37D0A93C9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:dlink:dwl-3200ap:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCF540F8-D43F-48AE-A3E5-5BEF52494021\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlink:dwl-3200ap_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.55\", \"matchCriteriaId\": \"D69E7AC5-DE24-457E-A8EF-BA5C3F6A327F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlink:dwl-3200ap_firmware:2.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7FD3A76-BBAC-4AE8-9C3B-5A1F3968E1B1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer en la funcionalidad de servidor SSH en D-Link DES-3800 con firmware  anterior a v4.50B052, DWL-2100AP con firmware anterior a v2.50RC548, y DWL-3200AP con firmware anterior a v2.55RC549 permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n o causar una denegaci\\u00f3n de servicio a trav\\u00e9s de vectores desconocidos.\"}]",
      "id": "CVE-2011-3992",
      "lastModified": "2024-11-21T01:31:40.380",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-11-03T17:55:01.717",
      "references": "[{\"url\": \"http://jvn.jp/en/jp/JVN72640744/index.html\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"http://osvdb.org/76628\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"http://www.dlink-jp.com/page/sc/F/security_info20111028.html\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"http://www.securityfocus.com/bid/50405\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"http://jvn.jp/en/jp/JVN72640744/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/76628\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.dlink-jp.com/page/sc/F/security_info20111028.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/50405\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-3992\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2011-11-03T17:55:01.717\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en la funcionalidad de servidor SSH en D-Link DES-3800 con firmware  anterior a v4.50B052, DWL-2100AP con firmware anterior a v2.50RC548, y DWL-3200AP con firmware anterior a v2.55RC549 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:dlink:des-3800:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFFA8FFC-3CCD-47C1-8B6B-7071A283D5A0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:des-3800_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.50\",\"matchCriteriaId\":\"41386104-F07D-4EB6-ABC2-02F3A578BE2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:des-3800_firmware:4.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06B0C1F9-4A48-4CA6-9209-688E0D1D5353\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:dlink:dwl-2100ap:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CF115B9-732C-4E3F-8CDF-485586B9B3E3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlink:dwl-2100ap_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.50\",\"matchCriteriaId\":\"705CD51A-C49B-4B93-A5EB-9BE37D0A93C9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:dlink:dwl-3200ap:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCF540F8-D43F-48AE-A3E5-5BEF52494021\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlink:dwl-3200ap_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.55\",\"matchCriteriaId\":\"D69E7AC5-DE24-457E-A8EF-BA5C3F6A327F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlink:dwl-3200ap_firmware:2.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7FD3A76-BBAC-4AE8-9C3B-5A1F3968E1B1\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN72640744/index.html\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"http://osvdb.org/76628\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"http://www.dlink-jp.com/page/sc/F/security_info20111028.html\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"http://www.securityfocus.com/bid/50405\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"http://jvn.jp/en/jp/JVN72640744/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/76628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.dlink-jp.com/page/sc/F/security_info20111028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/50405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-64PP-WW3P-F3Q4

Vulnerability from github – Published: 2022-05-14 02:14 – Updated: 2022-05-14 02:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-3992"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-11-03T17:55:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.",
  "id": "GHSA-64pp-ww3p-f3q4",
  "modified": "2022-05-14T02:14:22Z",
  "published": "2022-05-14T02:14:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3992"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/76628"
    },
    {
      "type": "WEB",
      "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/50405"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2011-3992

Vulnerability from fkie_nvd - Published: 2011-11-03 17:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN72640744/index.html
	vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092
	vultures@jpcert.or.jp	http://osvdb.org/76628
	vultures@jpcert.or.jp	http://www.dlink-jp.com/page/sc/F/security_info20111028.html
	vultures@jpcert.or.jp	http://www.securityfocus.com/bid/50405
	af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN72640744/index.html
	af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/76628
	af854a3a-2127-422b-91ae-364da2661108	http://www.dlink-jp.com/page/sc/F/security_info20111028.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/50405

Impacted products

Vendor	Product	Version
dlink	des-3800	*
dlink	des-3800_firmware	*
dlink	des-3800_firmware	4.00
dlink	dwl-2100ap	*
dlink	dwl-2100ap_firmware	*
dlink	dwl-3200ap	*
dlink	dwl-3200ap_firmware	*
dlink	dwl-3200ap_firmware	2.40

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:des-3800:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFFA8FFC-3CCD-47C1-8B6B-7071A283D5A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:des-3800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41386104-F07D-4EB6-ABC2-02F3A578BE2F",
              "versionEndIncluding": "4.50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:des-3800_firmware:4.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B0C1F9-4A48-4CA6-9209-688E0D1D5353",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwl-2100ap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CF115B9-732C-4E3F-8CDF-485586B9B3E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dlink:dwl-2100ap_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "705CD51A-C49B-4B93-A5EB-9BE37D0A93C9",
              "versionEndIncluding": "2.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwl-3200ap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCF540F8-D43F-48AE-A3E5-5BEF52494021",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dlink:dwl-3200ap_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D69E7AC5-DE24-457E-A8EF-BA5C3F6A327F",
              "versionEndIncluding": "2.55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlink:dwl-3200ap_firmware:2.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7FD3A76-BBAC-4AE8-9C3B-5A1F3968E1B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la funcionalidad de servidor SSH en D-Link DES-3800 con firmware  anterior a v4.50B052, DWL-2100AP con firmware anterior a v2.50RC548, y DWL-3200AP con firmware anterior a v2.55RC549 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2011-3992",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-03T17:55:01.717",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://osvdb.org/76628"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www.securityfocus.com/bid/50405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/76628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/50405"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-3992

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-3992

Aliases

CVE-2011-3992

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-3992",
    "description": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.",
    "id": "GSD-2011-3992"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-3992"
      ],
      "details": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.",
      "id": "GSD-2011-3992",
      "modified": "2023-12-13T01:19:09.485591Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2011-3992",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVNDB-2011-000092",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"
          },
          {
            "name": "76628",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/76628"
          },
          {
            "name": "50405",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/50405"
          },
          {
            "name": "JVN#72640744",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
          },
          {
            "name": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html",
            "refsource": "CONFIRM",
            "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:des-3800:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:des-3800_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.50",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:des-3800_firmware:4.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwl-2100ap:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:dlink:dwl-2100ap_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.50",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwl-3200ap:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:dlink:dwl-3200ap_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.55",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dlink:dwl-3200ap_firmware:2.40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2011-3992"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
            },
            {
              "name": "JVN#72640744",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
            },
            {
              "name": "JVNDB-2011-000092",
              "refsource": "JVNDB",
              "tags": [],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"
            },
            {
              "name": "50405",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/50405"
            },
            {
              "name": "76628",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/76628"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2011-11-03T17:55Z"
    }
  }
}

CERTA-2011-AVI-608

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité présente sur les produits D-Link peut être utilisée par un utilisateur malveillant pour exécuter du code arbitraire à distance.

Description

Une vulnérabilité de type débordement de tampon a été identifiée dans le serveur SSH de certains produits D-Link. Une personne malveillante peut exploiter cette vulnérabilité afin d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Une mise à jour du firmware permet de corriger cette vulnérabilité. Il est aussi possible de désactiver le serveur SSH dans certains produits, si celui-ci n'est pas utilisé.

None

Impacted products

Vendor	Product	Description
N/A	N/A	D-Link séries DES-3800 firmwares antérieures au R4.50B052 ;
N/A	N/A	D-Link séries DWL-2100AP firmwares antérieures au 2.50RC548 ;
N/A	N/A	D-Link séries DWL-3200AP firmwares antérieures au 2.55RC549.

References

Title

Publication Time

Tags

Avis JVN #72640744 du 28 octobre 2011	None	vendor-advisory
Avis D-Link DL-VU-2011-001 (en japonais) :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "D-Link s\u00e9ries DES-3800 firmwares ant\u00e9rieures au R4.50B052 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "D-Link s\u00e9ries DWL-2100AP firmwares ant\u00e9rieures au 2.50RC548 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "D-Link s\u00e9ries DWL-3200AP firmwares ant\u00e9rieures au 2.55RC549.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de tampon a \u00e9t\u00e9 identifi\u00e9e dans le\nserveur SSH de certains produits D-Link. Une personne malveillante peut\nexploiter cette vuln\u00e9rabilit\u00e9 afin d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nUne mise \u00e0 jour du firmware permet de corriger cette vuln\u00e9rabilit\u00e9. Il\nest aussi possible de d\u00e9sactiver le serveur SSH dans certains produits,\nsi celui-ci n\u0027est pas utilis\u00e9.\n",
  "cves": [
    {
      "name": "CVE-2011-3992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3992"
    }
  ],
  "links": [
    {
      "title": "Avis D-Link DL-VU-2011-001 (en japonais) :",
      "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
    }
  ],
  "reference": "CERTA-2011-AVI-608",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente sur les produits D-Link peut \u00eatre utilis\u00e9e\npar un utilisateur malveillant pour ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits D-Link",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis JVN #72640744 du 28 octobre 2011",
      "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
    }
  ]
}

CERTA-2011-AVI-608

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité présente sur les produits D-Link peut être utilisée par un utilisateur malveillant pour exécuter du code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Une mise à jour du firmware permet de corriger cette vulnérabilité. Il est aussi possible de désactiver le serveur SSH dans certains produits, si celui-ci n'est pas utilisé.

None

Impacted products

Vendor	Product	Description
N/A	N/A	D-Link séries DES-3800 firmwares antérieures au R4.50B052 ;
N/A	N/A	D-Link séries DWL-2100AP firmwares antérieures au 2.50RC548 ;
N/A	N/A	D-Link séries DWL-3200AP firmwares antérieures au 2.55RC549.

References

Title

Publication Time

Tags

Avis JVN #72640744 du 28 octobre 2011	None	vendor-advisory
Avis D-Link DL-VU-2011-001 (en japonais) :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "D-Link s\u00e9ries DES-3800 firmwares ant\u00e9rieures au R4.50B052 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "D-Link s\u00e9ries DWL-2100AP firmwares ant\u00e9rieures au 2.50RC548 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "D-Link s\u00e9ries DWL-3200AP firmwares ant\u00e9rieures au 2.55RC549.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de tampon a \u00e9t\u00e9 identifi\u00e9e dans le\nserveur SSH de certains produits D-Link. Une personne malveillante peut\nexploiter cette vuln\u00e9rabilit\u00e9 afin d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nUne mise \u00e0 jour du firmware permet de corriger cette vuln\u00e9rabilit\u00e9. Il\nest aussi possible de d\u00e9sactiver le serveur SSH dans certains produits,\nsi celui-ci n\u0027est pas utilis\u00e9.\n",
  "cves": [
    {
      "name": "CVE-2011-3992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3992"
    }
  ],
  "links": [
    {
      "title": "Avis D-Link DL-VU-2011-001 (en japonais) :",
      "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
    }
  ],
  "reference": "CERTA-2011-AVI-608",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente sur les produits D-Link peut \u00eatre utilis\u00e9e\npar un utilisateur malveillant pour ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits D-Link",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis JVN #72640744 du 28 octobre 2011",
      "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
    }
  ]
}

JVNDB-2011-000092

Vulnerability from jvndb - Published: 2011-10-28 17:42 - Updated:2011-10-28 17:42

Severity ?

() - -

Summary

Multiple D-Link products vulnerable to buffer overflow

Details

Multiple D-Link products contain a buffer overflow vulnerability. Multiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN72640744/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3992
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3992
	IPA SECURITY ALERTS	http://www.ipa.go.jp/security/english/vuln/201110_dlink_en.html
	Buffer Errors(CWE-119)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	D-Link Corporation	DES-3800
	D-Link Corporation	DWL-2100AP
	D-Link Corporation	DWL-3200AP

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000092.html",
  "dc:date": "2011-10-28T17:42+09:00",
  "dcterms:issued": "2011-10-28T17:42+09:00",
  "dcterms:modified": "2011-10-28T17:42+09:00",
  "description": "Multiple D-Link products contain a buffer overflow vulnerability.\r\n\r\nMultiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue.\r\n\r\nHisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000092.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:dlink:des-3800",
      "@product": "DES-3800 ",
      "@vendor": "D-Link Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:dlink:dwl-2100AP",
      "@product": "DWL-2100AP",
      "@vendor": "D-Link Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:dlink:dwl-3200AP",
      "@product": "DWL-3200AP",
      "@vendor": "D-Link Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "10.0",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-000092",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN72640744/index.html",
      "@id": "JVN#72640744",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3992",
      "@id": "CVE-2011-3992",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3992",
      "@id": "CVE-2011-3992",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/english/vuln/201110_dlink_en.html",
      "@id": "Security Alert for Vulnerability in Multiple D-Link Products",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    }
  ],
  "title": "Multiple D-Link products vulnerable to buffer overflow"
}

VAR-201111-0137

Vulnerability from variot - Updated: 2023-12-18 13:40

Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. Multiple D-Link products contain a buffer overflow vulnerability. Multiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. The problem exists in the SSH server provided by the device. Unexplained security vulnerabilities allow remote attackers to perform buffer overflow attacks. Successful exploitation of a vulnerability can execute arbitrary code in the context of an application. Very few details are available regarding this issue. We will update this BID when more information emerges. Failed exploit attempts will likely result in a denial-of-service condition. The issue affects the following: D-Link DES-3800 firmware prior to R4.50B052 D-Link DWL-2100AP firmware prior to 2.50RC548 D-Link DWL-3200AP firmware prior to 2.55RC549. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. ----------------------------------------------------------------------

Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.

Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/

TITLE: D-Link Products SSH Server Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46637

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46637/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46637

RELEASE DATE: 2011-10-29

DISCUSS ADVISORY: http://secunia.com/advisories/46637/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/46637/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=46637

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability has been reported in multiple D-Link products, which can be exploited by malicious people to compromise a vulnerable device.

SOLUTION: Update to fixed firmware (please see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: JVN credits Hisashi Kojima, and Masahiro Nakada, Fujitsu Laboratories Ltd.

ORIGINAL ADVISORY: D-Link (DL-VU2011-001): http://www.dlink-jp.com/page/sc/F/security_info20111028.html

JVN: http://jvn.jp/en/jp/JVN72640744/index.html http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000092.html

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201111-0137",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dwl-2100ap",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.50"
      },
      {
        "model": "des-3800",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "4.00"
      },
      {
        "model": "dwl-3200ap",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.55"
      },
      {
        "model": "dwl-3200ap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "*"
      },
      {
        "model": "dwl-3200ap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.40"
      },
      {
        "model": "des-3800",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "4.50"
      },
      {
        "model": "des-3800",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "*"
      },
      {
        "model": "dwl-2100ap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "*"
      },
      {
        "model": "des-3800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "series firmware prior to r4.50b052"
      },
      {
        "model": "dwl-2100ap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "firmware prior to 2.50rc548"
      },
      {
        "model": "dwl-3200ap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "firmware prior to 2.55rc549"
      },
      {
        "model": "dwl-3200ap",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dwl-2100ap",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "des-3800",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dwl-3200ap",
        "scope": null,
        "trust": 0.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "des-3800",
        "scope": null,
        "trust": 0.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dwl-2100ap",
        "scope": null,
        "trust": 0.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dwl-3200ap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dwl-2100ap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "des-3800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dwl-3200ap 2.55rc549",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dwl-2100ap 2.50rc548",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "des-3800 r4.50b052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "BID",
        "id": "50405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:des-3800:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:des-3800_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.50",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:des-3800_firmware:4.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwl-2100ap:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:dlink:dwl-2100ap_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.50",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwl-3200ap:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:dlink:dwl-3200ap_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.55",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dlink:dwl-3200ap_firmware:2.40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hisashi Kojima",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2011-3992",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2011-000092",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-51937",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-3992",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2011-000092",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201110-688",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-51937",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. Multiple D-Link products contain a buffer overflow vulnerability. Multiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. The problem exists in the SSH server provided by the device. Unexplained security vulnerabilities allow remote attackers to perform buffer overflow attacks. Successful exploitation of a vulnerability can execute arbitrary code in the context of an application. \nVery few details are available regarding this issue.  We will update this BID when more information emerges. Failed exploit attempts will likely result in a denial-of-service condition. \nThe issue affects the following:\nD-Link DES-3800 firmware prior to R4.50B052\nD-Link DWL-2100AP firmware prior to 2.50RC548\nD-Link DWL-3200AP firmware prior to 2.55RC549. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R\u0026D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nD-Link Products SSH Server Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA46637\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46637/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46637\n\nRELEASE DATE:\n2011-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46637/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46637/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46637\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in multiple D-Link products, which\ncan be exploited by malicious people to compromise a vulnerable\ndevice. \n\nSOLUTION:\nUpdate to fixed firmware (please see the vendor\u0027s advisory for\ndetails). \n\nPROVIDED AND/OR DISCOVERED BY:\nJVN credits Hisashi Kojima, and Masahiro Nakada, Fujitsu Laboratories\nLtd. \n\nORIGINAL ADVISORY:\nD-Link (DL-VU2011-001):\nhttp://www.dlink-jp.com/page/sc/F/security_info20111028.html\n\nJVN:\nhttp://jvn.jp/en/jp/JVN72640744/index.html\nhttp://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000092.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "BID",
        "id": "50405"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "db": "PACKETSTORM",
        "id": "106360"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-3992",
        "trust": 3.4
      },
      {
        "db": "JVN",
        "id": "JVN72640744",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "46637",
        "trust": 1.5
      },
      {
        "db": "BID",
        "id": "50405",
        "trust": 1.4
      },
      {
        "db": "OSVDB",
        "id": "76628",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566",
        "trust": 0.6
      },
      {
        "db": "JVN",
        "id": "JVN#72640744",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "18073",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-51937",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106360",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "db": "BID",
        "id": "50405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "PACKETSTORM",
        "id": "106360"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      }
    ]
  },
  "id": "VAR-201111-0137",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      }
    ],
    "trust": 1.2912698233333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:40:08.835000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DL-VU2011-001 \"vulnerability in the SSH function\"",
        "trust": 0.8,
        "url": "http://www.dlink-jp.com/page/sc/f/security_info.html"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.dlink-jp.com/"
      },
      {
        "title": "Patch for D-Link Multiple Products Remote Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5700"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://jvn.jp/en/jp/jvn72640744/index.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.dlink-jp.com/page/sc/f/security_info20111028.html"
      },
      {
        "trust": 1.7,
        "url": "http://jvndb.jvn.jp/jvndb/jvndb-2011-000092"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/50405"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/76628"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3992"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/security/english/vuln/201110_dlink_en.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3992"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/46637/http"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/46637"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/18073"
      },
      {
        "trust": 0.3,
        "url": "http://www.dlink.com/"
      },
      {
        "trust": 0.1,
        "url": "http://jvndb.jvn.jp/ja/contents/2011/jvndb-2011-000092.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46637/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46637"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46637/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "db": "BID",
        "id": "50405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "PACKETSTORM",
        "id": "106360"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "db": "BID",
        "id": "50405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "PACKETSTORM",
        "id": "106360"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-10-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "date": "2011-11-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "date": "2011-10-28T00:00:00",
        "db": "BID",
        "id": "50405"
      },
      {
        "date": "2011-10-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "date": "2011-10-31T07:50:33",
        "db": "PACKETSTORM",
        "id": "106360"
      },
      {
        "date": "2011-11-03T17:55:01.717000",
        "db": "NVD",
        "id": "CVE-2011-3992"
      },
      {
        "date": "2011-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-10-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "date": "2011-10-28T00:00:00",
        "db": "BID",
        "id": "50405"
      },
      {
        "date": "2011-10-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "date": "2018-10-30T16:26:47.450000",
        "db": "NVD",
        "id": "CVE-2011-3992"
      },
      {
        "date": "2011-11-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple D-Link products vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-3992 (GCVE-0-2011-3992)

GHSA-64PP-WW3P-F3Q4

FKIE_CVE-2011-3992

GSD-2011-3992

CERTA-2011-AVI-608

Description

Solution

CERTA-2011-AVI-608

Description

Solution

JVNDB-2011-000092

VAR-201111-0137

Tags

Sightings

Nomenclature