Lucene search

[email protected]CVE-2014-3936

HistoryJun 02, 2014 - 2:55 p.m.

CVE-2014-3936

2014-06-0214:55:04

CWE-119

[email protected]

web.nvd.nist.gov

cve

2014

3936

stack-based buffer overflow

d-link

dsp-w215

dir-505

dir-505l

firmware

remote code execution

hnap

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.3 High

AI Score

Confidence

Low

0.964 High

EPSS

Percentile

99.6%

JSON

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.

Affected configurations

NVD

Node

dlinkdir505_shareport_mobile_companion_firmwareRange≤1.07

AND

dlinkdir505_shareport_mobile_companionMatcha1

Node

dlinkdir505l_shareport_mobile_companion_firmwareRange≤1.01

AND

dlinkdir-505l_shareport_mobile_companionMatcha1

Node

dlinkdsp-w215_firmwareRange≤1.01b06

AND

dlinkdsp-w215Matcha1

CPENameOperatorVersion
dlink:dir505_shareport_mobile_companion_firmwaredlink dir505 shareport mobile companion firmwarele1.07
dlink:dir505_shareport_mobile_companiondlink dir505 shareport mobile companioneqa1

CPE	Name	Operator	Version
dlink:dir505_shareport_mobile_companion_firmware	dlink dir505 shareport mobile companion firmware	le	1.07
dlink:dir505_shareport_mobile_companion	dlink dir505 shareport mobile companion	eq	a1