cvelistv5 - cve-2021-27248

CVE-2021-27248 (GCVE-0-2021-27248)

Vulnerability from cvelistv5 – Published: 2021-04-14 15:45 – Updated: 2024-08-03 20:48

Summary

Severity ?

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

zdi

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://supportannouncement.us.dlink.com/announce…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	D-Link	DAP-2020	Affected: v1.01rc001

Credits

chung96vn ft phieulang & Chi Tran

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:48:16.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-203/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DAP-2020",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "v1.01rc001"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "chung96vn ft phieulang \u0026 Chi Tran"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-14T15:45:54",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-203/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2021-27248",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DAP-2020",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v1.01rc001"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "D-Link"
              }
            ]
          }
        },
        "credit": "chung96vn ft phieulang \u0026 Chi Tran",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932."
            }
          ]
        },
        "impact": {
          "cvss": {
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-121: Stack-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-203/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-203/"
            },
            {
              "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201",
              "refsource": "MISC",
              "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2021-27248",
    "datePublished": "2021-04-14T15:45:54",
    "dateReserved": "2021-02-16T00:00:00",
    "dateUpdated": "2024-08-03T20:48:16.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dap-2020_firmware:1.01:rc001:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0962F7C-1425-478D-9E83-D6560578DFA6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dap-2020:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9FF47C9-C3D0-4F84-92A7-FCAA390F4AD0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932.\"}, {\"lang\": \"es\", \"value\": \"Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\\u00f3digo arbitrario en las instalaciones afectadas de los puntos de acceso Wi-Fi D-Link DAP-2020 v1.01rc001.\u0026#xa0;No es requerida una autenticaci\\u00f3n para explotar esta vulnerabilidad.\u0026#xa0;El fallo espec\\u00edfico se presenta dentro del procesamiento de scripts CGI.\u0026#xa0;Cuando se analiza el par\\u00e1metro getpage, el proceso no comprueba apropiadamente la longitud de los datos suministrados por el usuario antes de copiarlos en un b\\u00fafer en la regi\\u00f3n stack de la memoria de longitud fija.\u0026#xa0;Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\\u00f3digo en el contexto de root.\u0026#xa0;Era ZDI-CAN-10932\"}]",
      "id": "CVE-2021-27248",
      "lastModified": "2024-11-21T05:57:40.923",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"zdi-disclosures@trendmicro.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 8.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 6.5, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-04-14T16:15:13.360",
      "references": "[{\"url\": \"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201\", \"source\": \"zdi-disclosures@trendmicro.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-21-203/\", \"source\": \"zdi-disclosures@trendmicro.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-21-203/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "zdi-disclosures@trendmicro.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"zdi-disclosures@trendmicro.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-121\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-27248\",\"sourceIdentifier\":\"zdi-disclosures@trendmicro.com\",\"published\":\"2021-04-14T16:15:13.360\",\"lastModified\":\"2024-11-21T05:57:40.923\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932.\"},{\"lang\":\"es\",\"value\":\"Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de los puntos de acceso Wi-Fi D-Link DAP-2020 v1.01rc001.\u0026#xa0;No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad.\u0026#xa0;El fallo espec\u00edfico se presenta dentro del procesamiento de scripts CGI.\u0026#xa0;Cuando se analiza el par\u00e1metro getpage, el proceso no comprueba apropiadamente la longitud de los datos suministrados por el usuario antes de copiarlos en un b\u00fafer en la regi\u00f3n stack de la memoria de longitud fija.\u0026#xa0;Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de root.\u0026#xa0;Era ZDI-CAN-10932\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":8.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.5,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dap-2020_firmware:1.01:rc001:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0962F7C-1425-478D-9E83-D6560578DFA6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dap-2020:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9FF47C9-C3D0-4F84-92A7-FCAA390F4AD0\"}]}]}],\"references\":[{\"url\":\"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-203/\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-203/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

VAR-202104-1034

Vulnerability from variot - Updated: 2023-12-18 12:26

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932. D-Link DAP-2020 is a WiFi range extender from D-Link in Taiwan. TCP (Transmission Control Protocol, Transmission Control Protocol) is a connection-oriented, reliable, byte stream-based transport layer communication protocol, defined by IETF RFC 793

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-1034",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dap-2020",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01"
      },
      {
        "model": "dap-2020",
        "scope": null,
        "trust": 0.7,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dap-2020 v1.01rc001",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-203"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-40324"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27248"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dap-2020_firmware:1.01:rc001:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dap-2020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27248"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "chung96vn ft Hoang Le (phieulang)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-203"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-27248",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2021-40324",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2021-27248",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "zdi-disclosures@trendmicro.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-27248",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-27248",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "zdi-disclosures@trendmicro.com",
            "id": "CVE-2021-27248",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2021-27248",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-40324",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-1143",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-27248",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-203"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-40324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-27248"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27248"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1143"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932. D-Link DAP-2020 is a WiFi range extender from D-Link in Taiwan. TCP (Transmission Control Protocol, Transmission Control Protocol) is a connection-oriented, reliable, byte stream-based transport layer communication protocol, defined by IETF RFC 793",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27248"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-203"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-40324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-27248"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-27248",
        "trust": 3.0
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-203",
        "trust": 2.4
      },
      {
        "db": "DLINK",
        "id": "SAP10201",
        "trust": 1.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10932",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-40324",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021100105",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1143",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-27248",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-203"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-40324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-27248"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1143"
      }
    ]
  },
  "id": "VAR-202104-1034",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-40324"
      }
    ],
    "trust": 1.24
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-40324"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:26:54.599000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10201"
      },
      {
        "title": "Patch for D-Link DAP-2020 command injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/270746"
      },
      {
        "title": "D-Link DAP-2020 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=147505"
      },
      {
        "title": "alonzzzo",
        "trust": 0.1,
        "url": "https://github.com/alonzozzz/alonzzzo "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/khulnasoft-lab/awesome-security "
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-203"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-40324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-27248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1143"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-121",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27248"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10201"
      },
      {
        "trust": 1.8,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-203/"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27248"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021100105"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/121.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-203"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-40324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-27248"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1143"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-203"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-40324"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-27248"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1143"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-203"
      },
      {
        "date": "2021-06-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-40324"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-27248"
      },
      {
        "date": "2021-04-14T16:15:13.360000",
        "db": "NVD",
        "id": "CVE-2021-27248"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-1143"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-203"
      },
      {
        "date": "2021-06-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-40324"
      },
      {
        "date": "2023-04-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-27248"
      },
      {
        "date": "2023-11-08T22:51:28.047000",
        "db": "NVD",
        "id": "CVE-2021-27248"
      },
      {
        "date": "2021-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-1143"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1143"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DAP-2020 webproc getpage Stack-based Buffer Overflow Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-203"
      }
    ],
    "trust": 0.7
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-1143"
      }
    ],
    "trust": 0.6
  }
}

GHSA-V89M-75XW-X3CC

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2023-04-26 21:30

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-27248"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-14T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932.",
  "id": "GHSA-v89m-75xw-x3cc",
  "modified": "2023-04-26T21:30:36Z",
  "published": "2022-05-24T17:47:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27248"
    },
    {
      "type": "WEB",
      "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-203"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2021-27248

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-27248

Aliases

CVE-2021-27248

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-27248",
    "description": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932.",
    "id": "GSD-2021-27248"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-27248"
      ],
      "details": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932.",
      "id": "GSD-2021-27248",
      "modified": "2023-12-13T01:23:35.839268Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "zdi-disclosures@trendmicro.com",
        "ID": "CVE-2021-27248",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "DAP-2020",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "v1.01rc001"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "D-Link"
            }
          ]
        }
      },
      "credit": "chung96vn ft phieulang \u0026 Chi Tran",
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932."
          }
        ]
      },
      "impact": {
        "cvss": {
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-121: Stack-based Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-203/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-203/"
          },
          {
            "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201",
            "refsource": "MISC",
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dap-2020_firmware:1.01:rc001:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dap-2020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2021-27248"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-121"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-203/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-203/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-11-08T22:51Z",
      "publishedDate": "2021-04-14T16:15Z"
    }
  }
}

FKIE_CVE-2021-27248

Vulnerability from fkie_nvd - Published: 2021-04-14 16:15 - Updated: 2024-11-21 05:57

Severity ?

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
zdi-disclosures@trendmicro.com	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201	Patch, Vendor Advisory
zdi-disclosures@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-21-203/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-203/	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	dlink	dap-2020_firmware	1.01
	dlink	dap-2020	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dap-2020_firmware:1.01:rc001:*:*:*:*:*:*",
              "matchCriteriaId": "B0962F7C-1425-478D-9E83-D6560578DFA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dap-2020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9FF47C9-C3D0-4F84-92A7-FCAA390F4AD0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932."
    },
    {
      "lang": "es",
      "value": "Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de los puntos de acceso Wi-Fi D-Link DAP-2020 v1.01rc001.\u0026#xa0;No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad.\u0026#xa0;El fallo espec\u00edfico se presenta dentro del procesamiento de scripts CGI.\u0026#xa0;Cuando se analiza el par\u00e1metro getpage, el proceso no comprueba apropiadamente la longitud de los datos suministrados por el usuario antes de copiarlos en un b\u00fafer en la regi\u00f3n stack de la memoria de longitud fija.\u0026#xa0;Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de root.\u0026#xa0;Era ZDI-CAN-10932"
    }
  ],
  "id": "CVE-2021-27248",
  "lastModified": "2024-11-21T05:57:40.923",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-14T16:15:13.360",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-203/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-203/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Secondary"
    }
  ]
}

CNVD-2021-40324

Vulnerability from cnvd - Published: 2021-06-08

Title

D-Link DAP-2020命令注入漏洞

Description

D-Link DAP-2020是中国台湾友讯（D-Link）公司的一款WiFi范围扩展器。TCP（Transmission Control Protocol,传输控制协议）是一种面向连接的、可靠的、基于字节流的传输层通信协议，由IETF的RFC 793定义。 D-Link DAP-2020 v1.01rc001版本在处理CGI脚本时存在命令注入漏洞。该漏洞源于程序在将用户输入复制到固定长度的堆栈缓冲区之前未对其长度进行正确验证。攻击者可利用该漏洞在root上下文中执行任意代码。

Severity

高

Patch Name

D-Link DAP-2020命令注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-27248

Impacted products

Name
D-Link DAP-2020 v1.01rc001

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-27248",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-27248"
    }
  },
  "description": "D-Link DAP-2020\u662f\u4e2d\u56fd\u53f0\u6e7e\u53cb\u8baf\uff08D-Link\uff09\u516c\u53f8\u7684\u4e00\u6b3eWiFi\u8303\u56f4\u6269\u5c55\u5668\u3002TCP\uff08Transmission Control Protocol,\u4f20\u8f93\u63a7\u5236\u534f\u8bae\uff09\u662f\u4e00\u79cd\u9762\u5411\u8fde\u63a5\u7684\u3001\u53ef\u9760\u7684\u3001\u57fa\u4e8e\u5b57\u8282\u6d41\u7684\u4f20\u8f93\u5c42\u901a\u4fe1\u534f\u8bae\uff0c\u7531IETF\u7684RFC 793\u5b9a\u4e49\u3002\n\nD-Link DAP-2020 v1.01rc001\u7248\u672c\u5728\u5904\u7406CGI\u811a\u672c\u65f6\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5728\u5c06\u7528\u6237\u8f93\u5165\u590d\u5236\u5230\u56fa\u5b9a\u957f\u5ea6\u7684\u5806\u6808\u7f13\u51b2\u533a\u4e4b\u524d\u672a\u5bf9\u5176\u957f\u5ea6\u8fdb\u884c\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728root\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-40324",
  "openTime": "2021-06-08",
  "patchDescription": "D-Link DAP-2020\u662f\u4e2d\u56fd\u53f0\u6e7e\u53cb\u8baf\uff08D-Link\uff09\u516c\u53f8\u7684\u4e00\u6b3eWiFi\u8303\u56f4\u6269\u5c55\u5668\u3002TCP\uff08Transmission Control Protocol,\u4f20\u8f93\u63a7\u5236\u534f\u8bae\uff09\u662f\u4e00\u79cd\u9762\u5411\u8fde\u63a5\u7684\u3001\u53ef\u9760\u7684\u3001\u57fa\u4e8e\u5b57\u8282\u6d41\u7684\u4f20\u8f93\u5c42\u901a\u4fe1\u534f\u8bae\uff0c\u7531IETF\u7684RFC 793\u5b9a\u4e49\u3002\r\n\r\nD-Link DAP-2020 v1.01rc001\u7248\u672c\u5728\u5904\u7406CGI\u811a\u672c\u65f6\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5728\u5c06\u7528\u6237\u8f93\u5165\u590d\u5236\u5230\u56fa\u5b9a\u957f\u5ea6\u7684\u5806\u6808\u7f13\u51b2\u533a\u4e4b\u524d\u672a\u5bf9\u5176\u957f\u5ea6\u8fdb\u884c\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728root\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "D-Link DAP-2020\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "D-Link DAP-2020 v1.01rc001"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-27248",
  "serverity": "\u9ad8",
  "submitTime": "2021-04-29",
  "title": "D-Link DAP-2020\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-27248 (GCVE-0-2021-27248)

VAR-202104-1034

GHSA-V89M-75XW-X3CC

GSD-2021-27248

FKIE_CVE-2021-27248

CNVD-2021-40324

Tags

Sightings

Nomenclature