CVE-2016-1558

Name of the Vulnerable Software and Affected Versions D-Link DAP-2310 versions 2.06 and earlier D-Link DAP-2330 versions 1.06 and earlier D-Link DAP-2360 versions 2.06 and earlier D-Link DAP-2553 H/W ver. B1 versions 3.05 and earlier D-Link DAP-2660 versions 1.11 and earlier D-Link DAP-2690 versions 3.15 and earlier D-Link DAP-2695 versions 1.16 and earlier D-Link DAP-3320 versions 1.00 and earlier D-Link DAP-3662 versions 1.01 and earlier

Description The issue is related to a buffer overflow in the D-Link router firmware, which can be exploited by a remote attacker using a specially crafted dlink uid cookie parameter. This may allow the attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For D-Link DAP-2310 versions 2.06 and earlier, update to a version later than 2.06. For D-Link DAP-2330 versions 1.06 and earlier, update to a version later than 1.06. For D-Link DAP-2360 versions 2.06 and earlier, update to a version later than 2.06. For D-Link DAP-2553 H/W ver. B1 versions 3.05 and earlier, update to a version later than 3.05. For D-Link DAP-2660 versions 1.11 and earlier, update to a version later than 1.11. For D-Link DAP-2690 versions 3.15 and earlier, update to a version later than 3.15. For D-Link DAP-2695 versions 1.16 and earlier, update to a version later than 1.16. For D-Link DAP-3320 versions 1.00 and earlier, update to a version later than 1.00. For D-Link DAP-3662 versions 1.01 and earlier, update to a version later than 1.01. As a temporary workaround, consider restricting access to the dlink uid cookie parameter until a patch is available.