CVE-2016-1558

CRITICAL

D-Link DAP-2310/2330/2360/2553/2660/2690/2695/3320/3662 Buffer Overflow via dlink_uid Cookie

Title source: llm
STIX 2.1

Description

Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie.

References (3)

Core 3
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Feb/112

Scores

CVSS v3 9.8
EPSS 0.1487
EPSS Percentile 94.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (10)
dlink/dap-2230_firmware 1.02
dlink/dap-2310_firmware 2.06
dlink/dap-2330_firmware 1.06
dlink/dap-2360_firmware 2.06
dlink/dap-2553_firmware 3.05
dlink/dap-2660_firmware 1.11
dlink/dap-2690_firmware 3.15
dlink/dap-2695_firmware 1.16
dlink/dap-3320_firmware 1.00
dlink/dap-3662_firmware 1.01
Published Apr 21, 2017
Tracked Since Feb 18, 2026