CVE-2016-1558

Name: CVE-2016-1558
Creator: NVD / NIST
Published: 2017-04-21T15:59:00.457+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 9.10%

Last modified Jun 17, 2026

CVE-2016-1558 is a vulnerability of currently unknown severity. Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie.. EPSS estimates a 9.10% chance of exploitation in the next 30 days.

Description

Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie.

Metrics

EPSS Probability

9.10%

94.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Dlink	Dap-3662 Firmware	1.01
Dlink	Dap-2310 Firmware	2.06
Dlink	Dap-2330 Firmware	1.06
Dlink	Dap-2360 Firmware	2.06
Dlink	Dap-2553 Firmware	3.05
Dlink	Dap-2660 Firmware	1.11
Dlink	Dap-2690 Firmware	3.15
Dlink	Dap-2695 Firmware	1.16
Dlink	Dap-3320 Firmware	1.00
Dlink	Dap-2230 Firmware	1.02

References

http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.htmlBroken Link, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2016/Feb/112Mailing List, Third Party Advisory
http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559Patch, Vendor Advisory
http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.htmlBroken Link, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2016/Feb/112Mailing List, Third Party Advisory
http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559Patch, Vendor Advisory

Timeline

Published: Apr 21, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-1558?

How severe is CVE-2016-1558?

Severity scoring for CVE-2016-1558 is pending analysis. The EPSS model estimates a 9.10% probability of exploitation in the next 30 days.

How do I fix CVE-2016-1558?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-1558?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST