CVE-2019-6964
Summary
| CVE | CVE-2019-6964 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-06-20 14:15:00 UTC |
| Updated | 2019-06-28 14:16:00 UTC |
| Description | A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an AJAX call responsible for DDNS configuration with an exactly 64-byte username, password, or domain, for which the buffer size is insufficient for the final '\0' character. This is related to the CcspCommonLibrary and WebUI modules. |
Risk And Classification
Problem Types: CWE-125
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rdkcentral | Rdkb Ccsppandm | rdkb-20181217-1 | All | All | All |
| Application | Rdkcentral | Rdkb Ccsppandm | rdkb-20181217-1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| BullGuard 2021 | Antivirus and VPN for your home and business | MISC | dojo.bullguard.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.