CVE-2011-3992 - OpenCVE

Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Des-3800 Des-3800 Firmware Dwl-2100ap Dwl-2100ap Firmware Dwl-3200ap Dwl-3200ap Firmware

Configuration 1 [-]

AND

cpe:2.3:h:dlink:des-3800:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:dlink:des-3800_firmware::::::::
	cpe:2.3:o:dlink:des-3800_firmware:4.00:::::::*

Configuration 2 [-]

AND

cpe:2.3:h:dlink:dwl-2100ap:*:*:*:*:*:*:*:*

cpe:2.3:a:dlink:dwl-2100ap_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:dlink:dwl-3200ap:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:dlink:dwl-3200ap_firmware::::::::
	cpe:2.3:a:dlink:dwl-3200ap_firmware:2.40:::::::*

No data.

References

Link	Providers
http://jvn.jp/en/jp/JVN72640744/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092
http://osvdb.org/76628
http://www.dlink-jp.com/page/sc/F/security_info20111028.html
http://www.securityfocus.com/bid/50405

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2011-11-03T17:00:00

Updated: 2024-08-06T23:53:32.547Z

Reserved: 2011-10-05T00:00:00

Link: CVE-2011-3992

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-11-03T17:55:01.717

Modified: 2018-10-30T16:26:47.450

Link: CVE-2011-3992

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-10-28T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-01-27T10:00:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVNDB-2011-000092", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"}, {"name": "76628", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/76628"}, {"name": "50405", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/50405"}, {"name": "JVN#72640744", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN72640744/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-3992", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JVNDB-2011-000092", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"}, {"name": "76628", "refsource": "OSVDB", "url": "http://osvdb.org/76628"}, {"name": "50405", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50405"}, {"name": "JVN#72640744", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN72640744/index.html"}, {"name": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html", "refsource": "CONFIRM", "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:53:32.547Z"}, "title": "CVE Program Container", "references": [{"name": "JVNDB-2011-000092", "tags": ["third-party-advisory", "x_refsource_JVNDB", "x_transferred"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"}, {"name": "76628", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/76628"}, {"name": "50405", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/50405"}, {"name": "JVN#72640744", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN72640744/index.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2011-3992", "datePublished": "2011-11-03T17:00:00", "dateReserved": "2011-10-05T00:00:00", "dateUpdated": "2024-08-06T23:53:32.547Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:des-3800:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFFA8FFC-3CCD-47C1-8B6B-7071A283D5A0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:des-3800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "41386104-F07D-4EB6-ABC2-02F3A578BE2F", "versionEndIncluding": "4.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:dlink:des-3800_firmware:4.00:*:*:*:*:*:*:*", "matchCriteriaId": "06B0C1F9-4A48-4CA6-9209-688E0D1D5353", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dwl-2100ap:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CF115B9-732C-4E3F-8CDF-485586B9B3E3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:dlink:dwl-2100ap_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "705CD51A-C49B-4B93-A5EB-9BE37D0A93C9", "versionEndIncluding": "2.50", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dwl-3200ap:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCF540F8-D43F-48AE-A3E5-5BEF52494021", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:dlink:dwl-3200ap_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D69E7AC5-DE24-457E-A8EF-BA5C3F6A327F", "versionEndIncluding": "2.55", "vulnerable": true}, {"criteria": "cpe:2.3:a:dlink:dwl-3200ap_firmware:2.40:*:*:*:*:*:*:*", "matchCriteriaId": "D7FD3A76-BBAC-4AE8-9C3B-5A1F3968E1B1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en la funcionalidad de servidor SSH en D-Link DES-3800 con firmware anterior a v4.50B052, DWL-2100AP con firmware anterior a v2.50RC548, y DWL-3200AP con firmware anterior a v2.55RC549 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2011-3992", "lastModified": "2018-10-30T16:26:47.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-11-03T17:55:01.717", "references": [{"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN72640744/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092"}, {"source": "vultures@jpcert.or.jp", "url": "http://osvdb.org/76628"}, {"source": "vultures@jpcert.or.jp", "url": "http://www.dlink-jp.com/page/sc/F/security_info20111028.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://www.securityfocus.com/bid/50405"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}