Buffer overflow in CVR100W Wireless-N VPN Router - CVE-2017-3882
Published: May 5, 2017 / Updated: May 5, 2017
Vulnerability identifier: #VU6425
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-3882
CWE-ID: CWE-119
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
CVR100W Wireless-N VPN Router
CVR100W Wireless-N VPN Router
Detailed vulnerability description
The vulnerability allows an unauthenticated, Layer 2–adjacent attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to buffer overflow caused by incomplete range checks of the UPnP input data. An attacker can send a malicious request to the UPnP listening port, trigger memory corruption, cause the device to reload or potentially execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in denial of service or arbitrary code execution.
The weakness exists due to buffer overflow caused by incomplete range checks of the UPnP input data. An attacker can send a malicious request to the UPnP listening port, trigger memory corruption, cause the device to reload or potentially execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in denial of service or arbitrary code execution.
How to mitigate CVE-2017-3882
Update to version 1.0.1.22.