Vulnerabilities > CVE-2019-6963 - Out-of-bounds Write vulnerability in Rdkcentral Rdkb Ccsppandm Rdkb201812171

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

rdkcentral

CWE-787

NVD

Published: 2019-06-20

Updated: 2020-08-24

Summary

A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module.

Vulnerable Configurations

Part	Description	Count
Application	Rdkcentral Rdkcentral Rdkb Ccsppandm Rdkb-20181217-1	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open