CVE-2006-3687: Buffer Overflow
First published: Fri Jul 21 2006(Updated: )
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DI-604 Broadband Router | ||
| D-Link DI-784 | ||
| D-Link EBR-2310 Ethernet Broadband Router | ||
| D-Link Wireless Router | ||
| D-Link WBR-2310 RangeBooster G Router | ||
| D-Link DI-524 | ||
| D-Link DI-624 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.eeye.com/html/research/advisories/AD20060714.html
- http://secunia.com/advisories/21081
- http://www.securityfocus.com/bid/19006
- http://securitytracker.com/id?1016511
- http://www.kb.cert.org/vuls/id/971705
- http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html
- http://www.osvdb.org/27333
- http://www.vupen.com/english/advisories/2006/2829
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27755
- http://www.securityfocus.com/archive/1/440852/100/100/threaded
- http://www.securityfocus.com/archive/1/440298/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3687?
CVE-2006-3687 is considered critical due to the potential for remote code execution.
How do I fix CVE-2006-3687?
To fix CVE-2006-3687, you should update your D-Link router firmware to the latest version provided by the manufacturer.
What devices are affected by CVE-2006-3687?
CVE-2006-3687 affects various D-Link routers including the DI-524, DI-604, DI-624, DI-784, WBR-1310, WBR-2310, and EBR-2310.
Can CVE-2006-3687 be exploited without authentication?
Yes, CVE-2006-3687 can be exploited remotely without requiring authentication.
What are the potential impacts of exploiting CVE-2006-3687?
Exploiting CVE-2006-3687 could allow attackers to execute arbitrary code on the targeted D-Link router.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/softwarecombine
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/d-link
- canonical/d-link di-604 broadband router
- canonical/d-link di-784
- canonical/d-link ebr-2310 ethernet broadband router
- canonical/d-link wireless router
- canonical/d-link wbr-2310 rangebooster g router
- vendor/dlink
- canonical/d-link di-524
- canonical/d-link di-624