cvelistv5 - CVE-2011-3992

CVE-2011-3992 (GCVE-0-2011-3992)

Vulnerability from cvelistv5

Published

2011-11-03 17:00

Modified

2024-08-06 23:53

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2011-3992

Vulnerability from fkie_nvd

Published

2011-11-03 17:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN72640744/index.html
	vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092
	vultures@jpcert.or.jp	http://osvdb.org/76628
	vultures@jpcert.or.jp	http://www.dlink-jp.com/page/sc/F/security_info20111028.html
	vultures@jpcert.or.jp	http://www.securityfocus.com/bid/50405
	af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN72640744/index.html
	af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/76628
	af854a3a-2127-422b-91ae-364da2661108	http://www.dlink-jp.com/page/sc/F/security_info20111028.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/50405

Impacted products

Vendor	Product	Version
dlink	des-3800	*
dlink	des-3800_firmware	*
dlink	des-3800_firmware	4.00
dlink	dwl-2100ap	*
dlink	dwl-2100ap_firmware	*
dlink	dwl-3200ap	*
dlink	dwl-3200ap_firmware	*
dlink	dwl-3200ap_firmware	2.40

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:des-3800:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFFA8FFC-3CCD-47C1-8B6B-7071A283D5A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:des-3800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41386104-F07D-4EB6-ABC2-02F3A578BE2F",
              "versionEndIncluding": "4.50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:des-3800_firmware:4.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B0C1F9-4A48-4CA6-9209-688E0D1D5353",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwl-2100ap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CF115B9-732C-4E3F-8CDF-485586B9B3E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dlink:dwl-2100ap_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "705CD51A-C49B-4B93-A5EB-9BE37D0A93C9",
              "versionEndIncluding": "2.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwl-3200ap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCF540F8-D43F-48AE-A3E5-5BEF52494021",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dlink:dwl-3200ap_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D69E7AC5-DE24-457E-A8EF-BA5C3F6A327F",
              "versionEndIncluding": "2.55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlink:dwl-3200ap_firmware:2.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7FD3A76-BBAC-4AE8-9C3B-5A1F3968E1B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la funcionalidad de servidor SSH en D-Link DES-3800 con firmware  anterior a v4.50B052, DWL-2100AP con firmware anterior a v2.50RC548, y DWL-3200AP con firmware anterior a v2.55RC549 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2011-3992",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-03T17:55:01.717",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://osvdb.org/76628"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www.securityfocus.com/bid/50405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/76628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/50405"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-3992

Vulnerability from jvndb

Published

2011-10-28 17:42

Modified

2011-10-28 17:42

Severity ?

() - -

Summary

Multiple D-Link products vulnerable to buffer overflow

Details

Multiple D-Link products contain a buffer overflow vulnerability. Multiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN72640744/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3992
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3992
	IPA SECURITY ALERTS	http://www.ipa.go.jp/security/english/vuln/201110_dlink_en.html
	Buffer Errors(CWE-119)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	D-Link Corporation	DES-3800
	D-Link Corporation	DWL-2100AP
	D-Link Corporation	DWL-3200AP

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000092.html",
  "dc:date": "2011-10-28T17:42+09:00",
  "dcterms:issued": "2011-10-28T17:42+09:00",
  "dcterms:modified": "2011-10-28T17:42+09:00",
  "description": "Multiple D-Link products contain a buffer overflow vulnerability.\r\n\r\nMultiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue.\r\n\r\nHisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000092.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:dlink:des-3800",
      "@product": "DES-3800 ",
      "@vendor": "D-Link Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:dlink:dwl-2100AP",
      "@product": "DWL-2100AP",
      "@vendor": "D-Link Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:dlink:dwl-3200AP",
      "@product": "DWL-3200AP",
      "@vendor": "D-Link Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "10.0",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-000092",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN72640744/index.html",
      "@id": "JVN#72640744",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3992",
      "@id": "CVE-2011-3992",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3992",
      "@id": "CVE-2011-3992",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/english/vuln/201110_dlink_en.html",
      "@id": "Security Alert for Vulnerability in Multiple D-Link Products",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    }
  ],
  "title": "Multiple D-Link products vulnerable to buffer overflow"
}

ghsa-64pp-ww3p-f3q4

Vulnerability from github

Published

2022-05-14 02:14

Modified

2022-05-14 02:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-3992"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-11-03T17:55:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.",
  "id": "GHSA-64pp-ww3p-f3q4",
  "modified": "2022-05-14T02:14:22Z",
  "published": "2022-05-14T02:14:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3992"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/76628"
    },
    {
      "type": "WEB",
      "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/50405"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

var-201111-0137

Vulnerability from variot

Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. Multiple D-Link products contain a buffer overflow vulnerability. Multiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. The problem exists in the SSH server provided by the device. Unexplained security vulnerabilities allow remote attackers to perform buffer overflow attacks. Successful exploitation of a vulnerability can execute arbitrary code in the context of an application. Very few details are available regarding this issue. We will update this BID when more information emerges. Failed exploit attempts will likely result in a denial-of-service condition. The issue affects the following: D-Link DES-3800 firmware prior to R4.50B052 D-Link DWL-2100AP firmware prior to 2.50RC548 D-Link DWL-3200AP firmware prior to 2.55RC549. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. ----------------------------------------------------------------------

Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.

Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/

TITLE: D-Link Products SSH Server Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA46637

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46637/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46637

RELEASE DATE: 2011-10-29

DISCUSS ADVISORY: http://secunia.com/advisories/46637/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/46637/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=46637

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability has been reported in multiple D-Link products, which can be exploited by malicious people to compromise a vulnerable device.

SOLUTION: Update to fixed firmware (please see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: JVN credits Hisashi Kojima, and Masahiro Nakada, Fujitsu Laboratories Ltd.

ORIGINAL ADVISORY: D-Link (DL-VU2011-001): http://www.dlink-jp.com/page/sc/F/security_info20111028.html

JVN: http://jvn.jp/en/jp/JVN72640744/index.html http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000092.html

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201111-0137",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dwl-3200ap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "*"
      },
      {
        "model": "dwl-2100ap",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.50"
      },
      {
        "model": "des-3800",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "4.00"
      },
      {
        "model": "des-3800",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "4.50"
      },
      {
        "model": "des-3800",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "*"
      },
      {
        "model": "dwl-2100ap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "*"
      },
      {
        "model": "dwl-3200ap",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.55"
      },
      {
        "model": "dwl-3200ap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.40"
      },
      {
        "model": "des-3800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "series firmware prior to r4.50b052"
      },
      {
        "model": "dwl-2100ap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "firmware prior to 2.50rc548"
      },
      {
        "model": "dwl-3200ap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "firmware prior to 2.55rc549"
      },
      {
        "model": "dwl-3200ap",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dwl-2100ap",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "des-3800",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dwl-3200ap",
        "scope": null,
        "trust": 0.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "des-3800",
        "scope": null,
        "trust": 0.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dwl-2100ap",
        "scope": null,
        "trust": 0.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dwl-3200ap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dwl-2100ap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "des-3800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dwl-3200ap 2.55rc549",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dwl-2100ap 2.50rc548",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "des-3800 r4.50b052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "BID",
        "id": "50405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:d-link:des-3800",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dwl-2100AP",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dwl-3200AP",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hisashi Kojima",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2011-3992",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-3992",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2011-000092",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-51937",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3992",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2011-000092",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201110-688",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-51937",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. Multiple D-Link products contain a buffer overflow vulnerability. Multiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. The problem exists in the SSH server provided by the device. Unexplained security vulnerabilities allow remote attackers to perform buffer overflow attacks. Successful exploitation of a vulnerability can execute arbitrary code in the context of an application. \nVery few details are available regarding this issue.  We will update this BID when more information emerges. Failed exploit attempts will likely result in a denial-of-service condition. \nThe issue affects the following:\nD-Link DES-3800 firmware prior to R4.50B052\nD-Link DWL-2100AP firmware prior to 2.50RC548\nD-Link DWL-3200AP firmware prior to 2.55RC549. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R\u0026D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nD-Link Products SSH Server Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA46637\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46637/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46637\n\nRELEASE DATE:\n2011-10-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46637/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46637/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46637\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in multiple D-Link products, which\ncan be exploited by malicious people to compromise a vulnerable\ndevice. \n\nSOLUTION:\nUpdate to fixed firmware (please see the vendor\u0027s advisory for\ndetails). \n\nPROVIDED AND/OR DISCOVERED BY:\nJVN credits Hisashi Kojima, and Masahiro Nakada, Fujitsu Laboratories\nLtd. \n\nORIGINAL ADVISORY:\nD-Link (DL-VU2011-001):\nhttp://www.dlink-jp.com/page/sc/F/security_info20111028.html\n\nJVN:\nhttp://jvn.jp/en/jp/JVN72640744/index.html\nhttp://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000092.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "BID",
        "id": "50405"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "db": "PACKETSTORM",
        "id": "106360"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-3992",
        "trust": 3.4
      },
      {
        "db": "JVN",
        "id": "JVN72640744",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "46637",
        "trust": 1.5
      },
      {
        "db": "BID",
        "id": "50405",
        "trust": 1.4
      },
      {
        "db": "OSVDB",
        "id": "76628",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566",
        "trust": 0.6
      },
      {
        "db": "JVN",
        "id": "JVN#72640744",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "18073",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-51937",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106360",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "db": "BID",
        "id": "50405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "PACKETSTORM",
        "id": "106360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      }
    ]
  },
  "id": "VAR-201111-0137",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      }
    ],
    "trust": 1.2912698233333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:12:56.684000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DL-VU2011-001 \"vulnerability in the SSH function\"",
        "trust": 0.8,
        "url": "http://www.dlink-jp.com/page/sc/F/security_info.html"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.dlink-jp.com/"
      },
      {
        "title": "Patch for D-Link Multiple Products Remote Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/5700"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://jvn.jp/en/jp/jvn72640744/index.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.dlink-jp.com/page/sc/f/security_info20111028.html"
      },
      {
        "trust": 1.7,
        "url": "http://jvndb.jvn.jp/jvndb/jvndb-2011-000092"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/50405"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/76628"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3992"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/security/english/vuln/201110_dlink_en.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3992"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/46637/http"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/46637"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/18073"
      },
      {
        "trust": 0.3,
        "url": "http://www.dlink.com/"
      },
      {
        "trust": 0.1,
        "url": "http://jvndb.jvn.jp/ja/contents/2011/jvndb-2011-000092.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46637/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46637"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46637/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "db": "BID",
        "id": "50405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "PACKETSTORM",
        "id": "106360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "db": "BID",
        "id": "50405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "db": "PACKETSTORM",
        "id": "106360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3992"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-10-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "date": "2011-11-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "date": "2011-10-28T00:00:00",
        "db": "BID",
        "id": "50405"
      },
      {
        "date": "2011-10-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "date": "2011-10-31T07:50:33",
        "db": "PACKETSTORM",
        "id": "106360"
      },
      {
        "date": "2011-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      },
      {
        "date": "2011-11-03T17:55:01.717000",
        "db": "NVD",
        "id": "CVE-2011-3992"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-10-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4566"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51937"
      },
      {
        "date": "2011-10-28T00:00:00",
        "db": "BID",
        "id": "50405"
      },
      {
        "date": "2011-10-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      },
      {
        "date": "2011-11-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      },
      {
        "date": "2024-11-21T01:31:40.380000",
        "db": "NVD",
        "id": "CVE-2011-3992"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple D-Link products vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000092"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-688"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2011-AVI-608

Vulnerability from certfr_avis

Une vulnérabilité présente sur les produits D-Link peut être utilisée par un utilisateur malveillant pour exécuter du code arbitraire à distance.

Description

Une vulnérabilité de type débordement de tampon a été identifiée dans le serveur SSH de certains produits D-Link. Une personne malveillante peut exploiter cette vulnérabilité afin d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Une mise à jour du firmware permet de corriger cette vulnérabilité. Il est aussi possible de désactiver le serveur SSH dans certains produits, si celui-ci n'est pas utilisé.

None

Impacted products

Vendor	Product	Description
N/A	N/A	D-Link séries DES-3800 firmwares antérieures au R4.50B052 ;
N/A	N/A	D-Link séries DWL-2100AP firmwares antérieures au 2.50RC548 ;
N/A	N/A	D-Link séries DWL-3200AP firmwares antérieures au 2.55RC549.

References

Title

Publication Time

gsd-2011-3992

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2011-3992

Aliases

CVE-2011-3992

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-3992",
    "description": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.",
    "id": "GSD-2011-3992"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-3992"
      ],
      "details": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.",
      "id": "GSD-2011-3992",
      "modified": "2023-12-13T01:19:09.485591Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2011-3992",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVNDB-2011-000092",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"
          },
          {
            "name": "76628",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/76628"
          },
          {
            "name": "50405",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/50405"
          },
          {
            "name": "JVN#72640744",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
          },
          {
            "name": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html",
            "refsource": "CONFIRM",
            "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:des-3800:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:des-3800_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.50",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:des-3800_firmware:4.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwl-2100ap:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:dlink:dwl-2100ap_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.50",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwl-3200ap:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:dlink:dwl-3200ap_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.55",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:dlink:dwl-3200ap_firmware:2.40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2011-3992"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"
            },
            {
              "name": "JVN#72640744",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/en/jp/JVN72640744/index.html"
            },
            {
              "name": "JVNDB-2011-000092",
              "refsource": "JVNDB",
              "tags": [],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"
            },
            {
              "name": "50405",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/50405"
            },
            {
              "name": "76628",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/76628"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2011-11-03T17:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-3992 (GCVE-0-2011-3992)

Vulnerability from cvelistv5

fkie_cve-2011-3992

Vulnerability from fkie_nvd

CVE-2011-3992

Vulnerability from jvndb

ghsa-64pp-ww3p-f3q4

Vulnerability from github

var-201111-0137

Vulnerability from variot

CERTA-2011-AVI-608

Vulnerability from certfr_avis

Description

Solution

gsd-2011-3992

Vulnerability from gsd

Tags

Sightings

Nomenclature