Vulnerability Details : CVE-2011-3992
Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-3992
Probability of exploitation activity in the next 30 days: 7.74%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-3992
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2011-3992
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3992
-
http://www.securityfocus.com/bid/50405
D-Link Multiple Products Unspecified Remote Buffer Overflow Vulnerability
-
http://jvn.jp/en/jp/JVN72640744/index.html
JVN#72640744: Multiple D-Link products vulnerable to buffer overflow
-
http://www.dlink-jp.com/page/sc/F/security_info20111028.html
Nothing found for Page Sc F Security_Info20111028
-
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092
JVNDB-2011-000092 - JVN iPedia - 脆弱性対策情報データベース
Products affected by CVE-2011-3992
- cpe:2.3:h:dlink:des-3800:*:*:*:*:*:*:*:*
- cpe:2.3:h:dlink:dwl-2100ap:*:*:*:*:*:*:*:*
- cpe:2.3:a:dlink:dwl-2100ap_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:dlink:dwl-3200ap:*:*:*:*:*:*:*:*
- cpe:2.3:a:dlink:dwl-3200ap_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:dlink:dwl-3200ap_firmware:2.40:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:des-3800_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:des-3800_firmware:4.00:*:*:*:*:*:*:*