Published: 09/02/2017 Updated: 22/02/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox prior to 1.25.0 allows remote malicious users to have unspecified impact via vectors involving OPTION_6RD parsing.

Vulnerable Product	Search on Vulmon	Subscribe to Product
busybox busybox
debian debian linux 8.0
debian debian linux 9.0
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10

Several security issues were fixed in BusyBox ...

Debian Bug report logs - #818497 busybox: CVE-2016-2148: heap overflow in OPTION_6RD parsing Package: src:busybox; Maintainer for src:busybox is Debian Install System Team <debian-boot@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 17 Mar 2016 16:27:01 UTC Severity: normal Tags: f ...

Debian Bug report logs - #802702 CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory Package: busybox; Maintainer for busybox is Debian Install System Team <debian-boot@listsdebianorg>; Source for busybox is src:busybox (PTS, buildd, popcon) Re ...

Debian Bug report logs - #818499 busybox: CVE-2016-2147: OOB heap write due to integer underflow Package: src:busybox; Maintainer for src:busybox is Debian Install System Team <debian-boot@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 17 Mar 2016 16:30:06 UTC Severity: normal Tag ...

Debian Bug report logs - #803097 busybox: CVE-2015-9261: segmentation fault while unzipping bad archive Package: busybox; Maintainer for busybox is Debian Install System Team <debian-boot@listsdebianorg>; Source for busybox is src:busybox (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Mon, 26 O ...

Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1250 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing ...

ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV10001 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver ...

The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector ...

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities ...

Full Disclosure mailing list archives   By Date By Thread </form>    SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series <!--X-Subject-Heade ...

Full Disclosure mailing list archives   By Date By Thread </form>    SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X <!--X-Subject-Head ...

Full Disclosure mailing list archives   By Date By Thread </form>    SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S  <!--X-H ...

CWE-119 https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2 https://busybox.net/news.html http://www.openwall.com/lists/oss-security/2016/03/11/16 https://security.gentoo.org/glsa/201612-04 https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html https://usn.ubuntu.com/3935-1/http://seclists.org/fulldisclosure/2019/Jun/18 https://seclists.org/bugtraq/2019/Jun/14 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://seclists.org/fulldisclosure/2019/Sep/7 https://seclists.org/bugtraq/2019/Sep/7 http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2020/Aug/20 https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html https://usn.ubuntu.com/3935-1/https://nvd.nist.gov

CVE-2016-2148

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect