Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1865

4 documents, 4 sources
Severity
5.0 MEDIUM
EPSS
5.7%
top 9.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Dec 31
Latest update: Apr 30

Description

Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (4 packages)

NVD | linksys/wap11 | 1.3, 1.4 (+1)
NVD | linksys/befw11s4 | 6 versions (+5)
NVD | d-link/di-804 | 4.68
NVD | d-link/dl-704 | 2.56_b5, 2.56_b6 (+1)

🔴 Vulnerability Details (2)

GHSA
GHSA-2gm5-h3fj-mwv3: Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4 (2022-04-30)
CVEList
CVE-2002-1865: Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4 (2005-06-28)

💥 Exploits & PoCs (1)

Exploit-DB
Linksys WAP11 1.3/1.4 / D-Link DI-804 4.68/Dl-704 2.56 b5 - Embedded HTTP Server Denial of Service (2002-11-01)