CVE-2015-2797

Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/show/osvdb/120335
http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/	Exploit
http://www.securityfocus.com/bid/75355
https://www.exploit-db.com/exploits/36577/	Exploit
https://www.exploit-db.com/exploits/37170/	Exploit
http://osvdb.org/show/osvdb/120335
http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/	Exploit
http://www.securityfocus.com/bid/75355
https://www.exploit-db.com/exploits/36577/	Exploit
https://www.exploit-db.com/exploits/37170/	Exploit

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:airties:air_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:airties:air_5021:-:::::::*
	cpe:2.3:h:airties:air_5341:-:::::::*
	cpe:2.3:h:airties:air_5342:-:::::::*
	cpe:2.3:h:airties:air_5343:-:::::::*
	cpe:2.3:h:airties:air_5442:-:::::::*
	cpe:2.3:h:airties:air_5443:-:::::::*
	cpe:2.3:h:airties:air_5444tt:-:::::::*
	cpe:2.3:h:airties:air_5453:-:::::::*
	cpe:2.3:h:airties:air_5650tt:-:::::::*
	cpe:2.3:h:airties:air_5750:-:::::::*
	cpe:2.3:h:airties:air_5760:-:::::::*
	cpe:2.3:h:airties:air_6372:-:::::::*

History

21 Nov 2024, 02:28

Type	Values Removed	Values Added
References	~~() http://osvdb.org/show/osvdb/120335 -~~	() http://osvdb.org/show/osvdb/120335 -
References	~~() http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/ - Exploit~~	() http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/ - Exploit
References	~~() http://www.securityfocus.com/bid/75355 -~~	() http://www.securityfocus.com/bid/75355 -
References	~~() https://www.exploit-db.com/exploits/36577/ - Exploit~~	() https://www.exploit-db.com/exploits/36577/ - Exploit
References	~~() https://www.exploit-db.com/exploits/37170/ - Exploit~~	() https://www.exploit-db.com/exploits/37170/ - Exploit

Information

Published : 2015-06-19 14:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-2797

Mitre link : CVE-2015-2797

CVE.ORG link : CVE-2015-2797

JSON object : View

Products Affected

airties

air_5443
air_5444tt
air_5453
air_5342
air_6372
air_5021
air_firmware
air_5650tt
air_5750
air_5760
air_5341
air_5442
air_5343

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2015-2797", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-06-19T14:59:00.067", "references": [{"url": "http://osvdb.org/show/osvdb/120335", "source": "cve@mitre.org"}, {"url": "http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/75355", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/36577/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/37170/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/show/osvdb/120335", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/75355", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/36577/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/37170/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login."}, {"lang": "es", "value": "Desbordamiento de buffer basado en pila en los modems DSL AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, y 5021 con firmware 1.0.2.0 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena larga en el par\u00e1metro redirect en cgi-bin/login."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:airties:air_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9E3BF5B-3AD2-41F0-8A23-10B6BE96CDB2", "versionEndIncluding": "1.0.2.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:airties:air_5021:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "49870B2D-4B77-445F-88DB-7CD6A4E512A7"}, {"criteria": "cpe:2.3:h:airties:air_5341:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "47BC82F3-28A5-40C1-88A9-F304C2762464"}, {"criteria": "cpe:2.3:h:airties:air_5342:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D241731B-D0BE-4BB8-BE58-64734AED1A95"}, {"criteria": "cpe:2.3:h:airties:air_5343:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "91D4DEFD-EEAA-4570-A2D1-701739524879"}, {"criteria": "cpe:2.3:h:airties:air_5442:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "138FDEFA-8760-4B5C-9E23-56576F637608"}, {"criteria": "cpe:2.3:h:airties:air_5443:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1E68F054-4590-4397-AE1D-25165B483FC9"}, {"criteria": "cpe:2.3:h:airties:air_5444tt:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "652E1DB1-C56B-4CE5-B94C-659D1C5ECEC8"}, {"criteria": "cpe:2.3:h:airties:air_5453:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C853772-E764-4A0E-818C-9025AFF6CBD0"}, {"criteria": "cpe:2.3:h:airties:air_5650tt:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E565A9FC-B20C-4897-9EFF-78ABE930CFCE"}, {"criteria": "cpe:2.3:h:airties:air_5750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4658A79-E2AE-4C90-9B8E-975A3F437AFF"}, {"criteria": "cpe:2.3:h:airties:air_5760:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D1294402-1A4E-4760-A49F-9F280FA3BEB1"}, {"criteria": "cpe:2.3:h:airties:air_6372:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9DB76FCE-3ED8-444E-896D-8745159278E8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

10.0 /10