Remote Code Execution Vulnerability in RDKB-20181217-1 CcspPandM Module


CVE-2019-6963 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module.
