CVE-2014-3936

Published: 02/06/2014 | Updated: 26/04/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and previous versions, DIR-505 with firmware prior to 1.08b10, and DIR-505L with firmware 1.01 and previous versions allows remote malicious users to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.

Vulnerable Product

dlink dir505_shareport_mobile_companion_firmware

dlink dir505_shareport_mobile_companion a1

dlink dir505l_shareport_mobile_companion_firmware

dlink dir-505l_shareport_mobile_companion a1

dlink dsp-w215_firmware

dlink dsp-w215 a1

Exploits

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager

  def initialize(info = {})
    super(update_in ...