Vulnerabilities > CVE-2019-6963 - Out-of-bounds Write vulnerability in Rdkcentral Rdkb Ccsppandm Rdkb201812171

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

rdkcentral

CWE-787

NVD

Published: 2019-06-20

Updated: 2020-08-24

Summary

A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module.

Vulnerable Configurations

Part	Description	Count
Application	Rdkcentral Rdkcentral Rdkb Ccsppandm Rdkb-20181217-1	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open