Vulnerabilities > CVE-2013-7308 - Unspecified vulnerability in Dlink Des-3810-28 and Des-3810-28 Firmware
Attack vector
ADJACENT_NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. Per: http://cwe.mitre.org/data/definitions/694.html "CWE-694: Use of Multiple Resources with Duplicate Identifier"
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Hardware | 1 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 65161 CVE(CAN) ID: CVE-2013-7308 Dlink,友讯科技股份有限公司,专注于无线网络和以太网路硬件产品的设计开发。 D-Link DES-3810-28交换机(固件版本R2.20.B017)的OSPF实现中,没有考虑LSA数据库操作之前LSA数据包内存在重复的Link State ID值,这可使远程攻击者通过特制的LSA数据包,利用此漏洞造成拒绝服务(路由中断)或获取敏感的数据包信息。 0 D-Link DES-3810-28 R2.20.B017 厂商补丁: D-Link ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.dlink.ru/mn/products/1/1359.html |
| id | SSV:61492 |
| last seen | 2017-11-19 |
| modified | 2014-02-20 |
| published | 2014-02-20 |
| reporter | Root |
| title | D-Link多款路由器产品远程安全限制绕过漏洞 |