Published: 09/12/2016 Updated: 27/08/2020

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote malicious users to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.

Vulnerable Product	Search on Vulmon	Subscribe to Product
busybox busybox

Debian Bug report logs - #833442 busybox: CVE-2016-6301: NTP server denial of service flaw Package: src:busybox; Maintainer for src:busybox is Debian Install System Team <debian-boot@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 4 Aug 2016 12:24:23 UTC Severity: normal Tags: pat ...

The recv_and_process_client_pkt function in networking/ntpdc in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop ...

Phoenix Contact TC Router and TC Cloud Client versions 2053 and below, 20317 and below, and 10317 and below suffer from authenticated command injection and various other vulnerabilities ...

ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV10001 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver ...

The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector ...

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities ...

Full Disclosure mailing list archives   By Date By Thread </form>    SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series <!--X-Subject-Heade ...

Full Disclosure mailing list archives   By Date By Thread </form>    SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X <!--X-Subject-Head ...

Full Disclosure mailing list archives   By Date By Thread </form>    SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S  <!--X-H ...

Full Disclosure mailing list archives   By Date By Thread </form>    SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client <!--X- ...

CWE-399 http://www.openwall.com/lists/oss-security/2016/08/03/7 http://www.securityfocus.com/bid/92277 https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71 https://bugzilla.redhat.com/show_bug.cgi?id=1363710 https://security.gentoo.org/glsa/201701-05 http://seclists.org/fulldisclosure/2019/Jun/18 https://seclists.org/bugtraq/2019/Jun/14 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://seclists.org/fulldisclosure/2019/Sep/7 https://seclists.org/bugtraq/2019/Sep/7 http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2020/Mar/15 http://seclists.org/fulldisclosure/2020/Aug/20 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833442 https://nvd.nist.gov

CVE-2016-6301

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect