CVE-2006-3687 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
D-link	Di-604 Broadband Router Di-784 Ebr-2310 Ethernet Broadband Router Wbr-1310 Wireless G Router Wbr-2310 Rangebooster G Router
Dlink	Di-524 Di-624

Configuration 1 [-]

OR	cpe:2.3:h:d-link:di-604_broadband_router::::::::
	cpe:2.3:h:d-link:di-784::::::::
	cpe:2.3:h:d-link:ebr-2310_ethernet_broadband_router::::::::
	cpe:2.3:h:d-link:wbr-1310_wireless_g_router::::::::
	cpe:2.3:h:d-link:wbr-2310_rangebooster_g_router::::::::
	cpe:2.3:h:dlink:di-524::::::::
	cpe:2.3:h:dlink:di-624::::::::

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html
http://secunia.com/advisories/21081
http://securitytracker.com/id?1016511
http://www.eeye.com/html/research/advisories/AD20060714.html
http://www.kb.cert.org/vuls/id/971705
http://www.osvdb.org/27333
http://www.securityfocus.com/archive/1/440298/100/0/threaded
http://www.securityfocus.com/archive/1/440852/100/100/threaded
http://www.securityfocus.com/bid/19006
http://www.vupen.com/english/advisories/2006/2829
https://exchange.xforce.ibmcloud.com/vulnerabilities/27755

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-18T21:00:00

Updated: 2024-08-07T18:39:53.876Z

Reserved: 2006-07-18T00:00:00

Link: CVE-2006-3687

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-07-21T14:03:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-3687

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"}, {"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"}, {"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.eeye.com/html/research/advisories/AD20060714.html"}, {"name": "21081", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21081"}, {"name": "27333", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27333"}, {"name": "ADV-2006-2829", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2829"}, {"name": "VU#971705", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/971705"}, {"name": "19006", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19006"}, {"name": "1016511", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016511"}, {"name": "dlink-upnp-bo(27755)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3687", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"}, {"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"}, {"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"}, {"name": "http://www.eeye.com/html/research/advisories/AD20060714.html", "refsource": "MISC", "url": "http://www.eeye.com/html/research/advisories/AD20060714.html"}, {"name": "21081", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21081"}, {"name": "27333", "refsource": "OSVDB", "url": "http://www.osvdb.org/27333"}, {"name": "ADV-2006-2829", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2829"}, {"name": "VU#971705", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/971705"}, {"name": "19006", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19006"}, {"name": "1016511", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016511"}, {"name": "dlink-upnp-bo(27755)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:39:53.876Z"}, "title": "CVE Program Container", "references": [{"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"}, {"name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"}, {"name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.eeye.com/html/research/advisories/AD20060714.html"}, {"name": "21081", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21081"}, {"name": "27333", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27333"}, {"name": "ADV-2006-2829", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2829"}, {"name": "VU#971705", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/971705"}, {"name": "19006", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19006"}, {"name": "1016511", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016511"}, {"name": "dlink-upnp-bo(27755)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3687", "datePublished": "2006-07-18T21:00:00", "dateReserved": "2006-07-18T00:00:00", "dateUpdated": "2024-08-07T18:39:53.876Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:d-link:di-604_broadband_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBCE20D2-7EA1-43D0-A6F5-24FD81818326", "vulnerable": true}, {"criteria": "cpe:2.3:h:d-link:di-784:*:*:*:*:*:*:*:*", "matchCriteriaId": "6154B777-7263-4AF6-AD24-589D7DD5B1CF", "vulnerable": true}, {"criteria": "cpe:2.3:h:d-link:ebr-2310_ethernet_broadband_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1B18332-54DF-45C4-9D8E-95C4D2F598C8", "vulnerable": true}, {"criteria": "cpe:2.3:h:d-link:wbr-1310_wireless_g_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D69AC68-EC86-4607-ABDB-75897907CAB1", "vulnerable": true}, {"criteria": "cpe:2.3:h:d-link:wbr-2310_rangebooster_g_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "A57C817A-E969-4B1B-A898-C61A3D1EE662", "vulnerable": true}, {"criteria": "cpe:2.3:h:dlink:di-524:*:*:*:*:*:*:*:*", "matchCriteriaId": "71AA4CB4-DE99-412C-B02E-57A5EC0802E8", "vulnerable": true}, {"criteria": "cpe:2.3:h:dlink:di-624:*:*:*:*:*:*:*:*", "matchCriteriaId": "BADE3827-C247-47A7-B7CF-DE7EC8F0CD3D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el servicio Universal Plug and Play (UPnP) de D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n M-SEARCH larga al puerto UDP 1900."}], "id": "CVE-2006-3687", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-21T14:03:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21081"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016511"}, {"source": "cve@mitre.org", "url": "http://www.eeye.com/html/research/advisories/AD20060714.html"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/971705"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27333"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19006"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2829"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016511"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.eeye.com/html/research/advisories/AD20060714.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/971705"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19006"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2829"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}