Vulnerability Details : CVE-2007-1435
Public exploit exists!
Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Vulnerability category: OverflowMemory CorruptionDenial of service
Products affected by CVE-2007-1435
- cpe:2.3:a:d-link:tftp_server:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-1435
57.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2007-1435
-
D-Link TFTP 1.0 Long Filename Buffer Overflow
Disclosure Date: 2007-03-12First seen: 2020-04-26exploit/windows/tftp/dlink_long_filenameThis module exploits a stack buffer overflow in D-Link TFTP 1.0. By sending a request for an overly long file name, an attacker could overflow a buffer and execute arbitrary code. For best results, use bind payloads with nonx (No NX). Authors: - LSO <lso@h
CVSS scores for CVE-2007-1435
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2007-1435
-
http://www.securityfocus.com/bid/22923
D-Link TFTP Transporting Mode Remote Buffer Overflow Vulnerability
Jump to