CVE-2013-6027 : Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow rem

Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.

Published 2013-10-19 10:36:09

Updated 2023-04-26 18:55:31

Source CERT/CC

View at NVD, CVE.org

Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2013-6027

Probability of exploitation activity in the next 30 days: 0.61%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-6027

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.5	HIGH	AV:N/AC:M/Au:S/C:C/I:C/A:C	6.8	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-6027

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6027

http://www.kb.cert.org/vuls/id/248083

VU#248083 - D-Link routers authenticate administrative access using specific User-Agent string
US Government Resource

CVEs referencing this url
http://pastebin.com/raw.php?i=vbiG42VD

Exploit

Products affected by CVE-2013-6027

Dlink » Dir-100 » Version: N/A
cpe:2.3:h:dlink:dir-100:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-6027

Exploit prediction scoring system (EPSS) score for CVE-2013-6027

CVSS scores for CVE-2013-6027

CWE ids for CVE-2013-6027

References for CVE-2013-6027

Products affected by CVE-2013-6027