APP: D-Link Router SEARCH/NOTIFY Buffer Overflow
This signature detects possible attempts to exploit a known vulnerability in the D-Link router UPNP. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.
Extended Description
D-Link wired and wireless routers are prone to a buffer-overflow vulnerability because these devices fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Successful exploits can allow remote attackers to execute arbitrary machine code in the context of the affected device.
Affected Products
D-link wbr-2310
References
BugTraq: 19006
CVE: CVE-2006-3687
URL: http://www.eeye.com/html/research/advisories/AD20060714.html http://www.frsirt.com/english/advisories/2006/2829
Short Name
APP:UPNP:DLINK-SEARCH-NOTIFY
Severity
Minor
Recommended
False
Recommended Action
None
Category
APP
Keywords
Buffer CVE-2006-3687 D-Link Overflow Router SEARCH/NOTIFY bid:19006
Release Date
11/16/2006
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3728
Port
UDP/1900
False Positive
Unknown
Vendors
D-link
CVSS Score
7.5