CVE-2017-3193

moderate-risk
Published 2017-12-16

Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.

Do I need to act?

~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
ADJACENT_NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Dlink

References (10)

Third Party Advisory http://www.securityfocus.com/bid/96747
Patch https://tools.cisco.com/security/center/viewAlert.x?alertId=52967
Third Party Advisory https://twitter.com/NCCGroupInfosec/status/845269159277723649
Third Party Advisory https://www.kb.cert.org/vuls/id/305448
Third Party Advisory https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-v...
Third Party Advisory http://www.securityfocus.com/bid/96747
Patch https://tools.cisco.com/security/center/viewAlert.x?alertId=52967
Third Party Advisory https://twitter.com/NCCGroupInfosec/status/845269159277723649
Third Party Advisory https://www.kb.cert.org/vuls/id/305448
Third Party Advisory https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-v...
37
/ 100
moderate-risk
Severity 27/34 · High
Exploitability 3/34 · Minimal
Exposure 7/34 · Low