CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20305

D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.12

EPSS Ranking 93.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816
https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816

Products affected by CVE-2018-20305

Dlink » Dir-816 A2 » Version: N/A

cpe:2.3:h:dlink:dir-816_a2:-
D-Link » Dir-816 A2 Firmware » Version: 1.10b05

cpe:2.3:o:d-link:dir-816_a2_firmware:1.10b05

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20305

Products

Pricing

Contact Us