Vulnerability Details CVE-2018-16596
A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UDP packet to port 1900 allows an attacker to execute code on a remote device. However, this is only possible if the attacker is inside the LAN. Because of ASLR, the success rate is not 100% and leads instead to a DoS of the UPnP service. The remaining functionality of the Internet Box is not affected. A reboot of the Internet Box is necessary to attempt the exploit again.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.4
References
Products affected by CVE-2018-16596
-
cpe:2.3:h:swisscom:internet-box_2:-
-
cpe:2.3:h:swisscom:internet-box_light:-
-
cpe:2.3:h:swisscom:internet-box_plus:-
-
cpe:2.3:h:swisscom:internet-box_standard:-
-
cpe:2.3:o:swisscom:internet-box_2_firmware:-
-
cpe:2.3:o:swisscom:internet-box_2_firmware:09.00.60
-
cpe:2.3:o:swisscom:internet-box_2_firmware:09.01.44
-
cpe:2.3:o:swisscom:internet-box_2_firmware:09.01.60
-
cpe:2.3:o:swisscom:internet-box_2_firmware:09.02.08
-
cpe:2.3:o:swisscom:internet-box_2_firmware:09.04.00
-
cpe:2.3:o:swisscom:internet-box_light_firmware:-
-
cpe:2.3:o:swisscom:internet-box_light_firmware:08.04.26
-
cpe:2.3:o:swisscom:internet-box_light_firmware:08.04.36
-
cpe:2.3:o:swisscom:internet-box_plus_firmware:-
-
cpe:2.3:o:swisscom:internet-box_plus_firmware:09.01.52
-
cpe:2.3:o:swisscom:internet-box_plus_firmware:09.02.08
-
cpe:2.3:o:swisscom:internet-box_standard_firmware:-
-
cpe:2.3:o:swisscom:internet-box_standard_firmware:09.01.28
-
cpe:2.3:o:swisscom:internet-box_standard_firmware:09.02.08