Integer Signedness Error in D-Link AirPlus DI-614+ Due to DHCP Vulnerability
CVE-2004-0661

Currently unrated

Key Information:

Vendor: D-link
Status: Di-624; Di-614\+; Di-604
Vendor: CVE Published:; 6 August 2004

What is CVE-2004-0661?

An integer signedness error in the D-Link AirPlus DI-614+ router, specifically in firmware versions 2.30 and earlier, allows remote attackers to exploit the DHCP service. By sending a crafted DHCP request with the LEASETIME option set to -1, an attacker can cause the device to enter a denial-of-service state due to IP lease depletion. This bug could enable an attacker to exhaust the DHCP leases, rendering network accessibility impossible for legitimate users.

References

http://www.securityfocus.com/bid/10621

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=108844250013785&w=2

mailing-listx_refsource_BUGTRAQ

http://www.osvdb.org/7294

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2004
Vulnerability Reserved
Jul 12, 2004

D-link

What is CVE-2004-0661?

References

Timeline