CyberSec.Space Logo
Back to CVE Browser

CVE-2014-3936

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0430%
EPSS Percentile17.34th
PublishedJun 2, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.

Affected Platforms (CPE)

πŸ’»
Dlink

Dir505 Shareport Mobile Companion Firmware

<= 1.07
πŸ”Œ
Dlink

Dir505 Shareport Mobile Companion

= a1
πŸ’»
Dlink

Dir505l Shareport Mobile Companion Firmware

<= 1.01
πŸ”Œ
Dlink

Dir 505l Shareport Mobile Companion

= a1
πŸ’»
Dlink

Dsp W215 Firmware

<= 1.01
πŸ”Œ
Dlink

Dsp W215

= a1

References & Advisories

πŸ”— http://packetstormsecurity.com/files/127427/D-Link-HNAP-Request-Remote-Buffer-Overflow.html
πŸ”— http://secunia.com/advisories/58728
πŸ”— http://secunia.com/advisories/58972
πŸ”— http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10027
πŸ”— http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10029
πŸ”— http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug
πŸ”— http://www.securityfocus.com/bid/67651
πŸ”— http://packetstormsecurity.com/files/127427/D-Link-HNAP-Request-Remote-Buffer-Overflow.html

Related Vulnerabilities

CVE-2014-154410.0

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x,...

CVE-2014-154710.0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thund...

CVE-2014-494710.0

Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and ...

CVE-2014-450110.0

Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool s...