A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UDP packet to port 1900 allows an attacker to execute code on a remote device. However, this is only possible if the attacker is inside the LAN. Because of ASLR, the success rate is not 100% and leads instead to a DoS of the UPnP service. The remaining functionality of the Internet Box is not affected. A reboot of the Internet Box is necessary to attempt the exploit again.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T10:24:32.998Z

Reserved: 2018-09-06T00:00:00

Link: CVE-2018-16596

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-12-17T19:29:00.533

Modified: 2024-11-21T03:53:01.403

Link: CVE-2018-16596

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.