Vulnerability Details CVE-2019-6963
A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2019-6963
-
cpe:2.3:a:rdkcentral:rdkb_ccsppandm:rdkb-20181217-1