CVE-2018-16596
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
17/12/2018
Last modified:
24/08/2020
Description
A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UDP packet to port 1900 allows an attacker to execute code on a remote device. However, this is only possible if the attacker is inside the LAN. Because of ASLR, the success rate is not 100% and leads instead to a DoS of the UPnP service. The remaining functionality of the Internet Box is not affected. A reboot of the Internet Box is necessary to attempt the exploit again.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:swisscom:internet-box_standard_firmware:*:*:*:*:*:*:*:* | 09.04.00 (excluding) | |
| cpe:2.3:h:swisscom:internet-box_2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:swisscom:internet-box_standard:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:swisscom:internet-box_light_firmware:*:*:*:*:*:*:*:* | 08.05.02 (excluding) | |
| cpe:2.3:h:swisscom:internet-box_light:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:swisscom:internet-box_plus_firmware:*:*:*:*:*:*:*:* | 09.04.00 (excluding) | |
| cpe:2.3:h:swisscom:internet-box_plus:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:swisscom:internet-box_2_firmware:*:*:*:*:*:*:*:* | 09.04.00 (including) | |
| cpe:2.3:h:swisscom:internet-box_2:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page