CVE-2019-6964
Last modified
CVE-2019-6964 is a vulnerability of currently unknown severity. A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an AJAX call responsible for DDNS configuration with an exactly 64-byte username, password, or domain, for which the buffer size is insufficient for the final '\0' character. This is related to the CcspCommonLibrary and WebUI modules.. EPSS estimates a 1.79% chance of exploitation in the next 30 days.
Description
A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an AJAX call responsible for DDNS configuration with an exactly 64-byte username, password, or domain, for which the buffer size is insufficient for the final '\0' character. This is related to the CcspCommonLibrary and WebUI modules.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rdkcentral | Rdkb Ccsppandm | rdkb-20181217-1 |
References
- https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-openThird Party Advisory
- https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-openThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-6964?
How severe is CVE-2019-6964?
How do I fix CVE-2019-6964?
Are you affected by CVE-2019-6964?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST