How severe is CVE-2017-3882?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2017-3882?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2017-3882 - CRITICAL Severity | CVSS 9.6

Vulnerability Description

A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote code execution could occur with root privileges. The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a malicious request to the UPnP listening port of the targeted device. An exploit could allow the attacker to cause the device to reload or potentially execute arbitrary code with root privileges. This vulnerability affects all firmware releases of the Cisco CVR100W Wireless-N VPN Router prior to Firmware Release 1.0.1.22. Cisco Bug IDs: CSCuz72642.

Related Vulnerabilities

CVE-2015-7939

CRITICAL

CVSS:9.6(Critical)

Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.

CWE-1192015

CVE-2016-0003

CRITICAL

CVSS:9.6(Critical)

Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."

CWE-1192016

CVE-2016-4734

CRITICAL

CVSS:9.6(Critical)

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differe...

CWE-1192016

CVE-2016-7277

CRITICAL

CVSS:9.6(Critical)

Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

CWE-1192016

CVE-2017-11309

CRITICAL

CVSS:9.6(Critical)

Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.

CWE-1192017

CVE-2017-12367

CRITICAL

CVSS:9.6(Critical)

A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A re...

CWE-1192017