CVE-2015-2797

Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/	Exploit
http://osvdb.org/show/osvdb/120335
https://www.exploit-db.com/exploits/36577/	Exploit
https://www.exploit-db.com/exploits/37170/	Exploit
http://www.securityfocus.com/bid/75355

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:airties:air_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:airties:air_5442:-:::::::*
	cpe:2.3:h:airties:air_5443:-:::::::*
	cpe:2.3:h:airties:air_5021:-:::::::*
	cpe:2.3:h:airties:air_5341:-:::::::*
	cpe:2.3:h:airties:air_5650tt:-:::::::*
	cpe:2.3:h:airties:air_5750:-:::::::*
	cpe:2.3:h:airties:air_5342:-:::::::*
	cpe:2.3:h:airties:air_5343:-:::::::*
	cpe:2.3:h:airties:air_5760:-:::::::*
	cpe:2.3:h:airties:air_6372:-:::::::*
	cpe:2.3:h:airties:air_5444tt:-:::::::*
	cpe:2.3:h:airties:air_5453:-:::::::*

Information

Published : 2015-06-19 07:59

Updated : 2016-12-02 19:06

NVD link : CVE-2015-2797

Mitre link : CVE-2015-2797

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

airties

air_5341
air_5342
air_5444tt
air_5650tt
air_5442
air_5343
air_5760
air_6372
air_5443
air_5750
air_firmware
air_5453
air_5021

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/", "name": "http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://osvdb.org/show/osvdb/120335", "name": "120335", "tags": [], "refsource": "OSVDB"}, {"url": "https://www.exploit-db.com/exploits/36577/", "name": "36577", "tags": ["Exploit"], "refsource": "EXPLOIT-DB"}, {"url": "https://www.exploit-db.com/exploits/37170/", "name": "37170", "tags": ["Exploit"], "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/bid/75355", "name": "75355", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-2797", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-06-19T14:59Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:airties:air_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0.2.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:airties:air_5442:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:airties:air_5443:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:airties:air_5021:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:airties:air_5341:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:airties:air_5650tt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:airties:air_5750:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:airties:air_5342:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:airties:air_5343:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:airties:air_5760:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:airties:air_6372:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:airties:air_5444tt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:airties:air_5453:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-12-03T03:06Z"}