CVE-2019-6963

Name of the Vulnerable Software and Affected Versions RDK RDKB-20181217-1 CcspPandM module

Description A heap-based buffer overflow issue exists, potentially allowing attackers with login credentials to achieve remote code execution. This can be done by crafting a long buffer in the Comment field of an IP reservation form in the admin panel. The issue is related to the CcspCommonLibrary module.

Recommendations For RDK RDKB-20181217-1 CcspPandM module, consider restricting access to the admin panel to minimize the risk of exploitation. As a temporary workaround, avoid using the Comment field in the IP reservation form until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.