17 Déc 2018
CVE-2018-16596 - CVE Vulnerability
A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UDP packet to port 1900 allows an attacker to execute code on a remote device. However, this is only possible if the attacker is inside the LAN. Because of ASLR, the success rate is not 100% and leads instead to a DoS of the UPnP service. The remaining functionality of the Internet Box is not affected. A reboot of the Internet Box is necessary to attempt the exploit again. (CVSS:0.0) (Last Update:2018-12-17)
Vulnerability Details : A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UDP packet to port 1900 allows an attacker to execute code on a remote device. However, this is only possible if the attacker is inside the LAN. Because of ASLR, the success rate is not 100% and leads instead to a DoS of the UPnP service. The remaining functionality of the Internet Box is not affected. A reboot of the Internet Box is necessary to attempt the exploit again. Publish Date : 2018-12-17 Last Update Date : 2018-12-17 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2018-16596
- References For CVE-2018-16596
| ||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2018-16596There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |