Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and previous versions, DIR-505 with firmware prior to 1.08b10, and DIR-505L with firmware 1.01 and previous versions allows remote malicious users to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dlink dir505_shareport_mobile_companion_firmware |
||
dlink dir505_shareport_mobile_companion a1 |
||
dlink dir505l_shareport_mobile_companion_firmware |
||
dlink dir-505l_shareport_mobile_companion a1 |
||
dlink dsp-w215_firmware |
||
dlink dsp-w215 a1 |