Font Size Change

HOMEIT SecurityMeasures for Information Security VulnerabilitiesIPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in Multiple D-Link Products

PRINT PAGE

IT Security

IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in Multiple D-Link Products

Published: Oct 28, 2011
>> JAPANESE

Information-technology Promotion Agency, Japan (IPA, Chairman Kazumasa Fujie) has issued a security alert concerning security vulnerability in multiple D-Link products on October 28, 2011. To fix this vulnerability, update the firmware to the latest version or disable the SSH feature.

1.Overview

The DES-3800, DWL-2100AP and DWL-3200AP series are network devices, such as wireless LAN access points, from D-Link Japan K.K. These products are vulnerable to buffer overflow due to a flaw in the SSH implementation. If exploited, the vulnerability could allow an attacker to stop the services or execute arbitrary code on the vulnerable D-Link products.

Get the fixed version at the following URL and update the firmware.
http://www.dlink-jp.com/page/sc/F/security_info.html (Japanese)
For the latest information, refer to the following URL:
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000092

In line with the Information Security Early Warning Partnership, the IPA received a report concerning this vulnerability through the creditee below, and the JPCERT Coordination Center (JPCERT/CC) made adjustments to clarify the matter with the product developer and made it public on October 28, 2011.

Credit: Hisashi Kojima and Masahiro Nakada Fujitsu Laboratories Ltd.
(Reported: August 4, 2011)

2.Impact

An attacker could stop the services or execute arbitrary code on the vulnerable D-Link products.

Security Alert for Vulnerability in Ichitaro Series

3.Solution

To fix this vulnerability, update the firmware to the latest version or disable the SSH feature.

4.CVSS Severity

(1)Evaluation Result

Severity Rating
(CVSS base score)
□ Low
(0.0~3.9)
□Medium
(4.0~6.9)
■ High
(7.0~10.0)
CVSS base score  
10.0

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent
 Network
■ Network
AC:Access Complexity □ High □ Medium ■ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact □ None □ Partial ■ Complete
I:Integrity Impact □ None □ Partial ■ Complete
A:Availability Impact □ None □ Partial ■ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as "Buffer Errors (CWE-119)".

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: