| ID |
CVE-2019-8985
|
| Sažetak |
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa. |
| Reference |
|
| CVSS |
| Base: | 9.0 |
| Impact: | 8.5 |
| Exploitability: | 10.0 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| PARTIAL |
PARTIAL |
COMPLETE |
|
| CVSS vektor |
AV:N/AC:L/Au:N/C:P/I:P/A:C |
| Zadnje važnije ažuriranje |
24-08-2020 - 17:37 |
| Objavljeno |
21-02-2019 - 19:29 |
