CVE-2017-14948

Published: 14/10/2019 Updated: 23/04/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: a crafted HTTP request handled by fileaccess.cgi could allow a malicious user to mount a ROP attack. If the HTTP header field CONTENT_TYPE starts with 'boundary=' followed by more than 256 characters, a buffer overflow is triggered, potentially causing code execution.

Vulnerable Product

dlink dir-868l_firmware -

dlink dir-890l_firmware -

dlink dir-885l_firmware -

dlink dir-895l_firmware 1.13b03

dlink dir-880l_firmware 1.08b04

dlink dir-895r_firmware 1.13b03

Github Repositories

CVE-2017-14948 for D-Link 880 Firmware

Vulnerabilities in D-Link routers (CVE-2017-14948). In this little write-up we will see some bugs I found on D-Link products. D-Link offers a wide range of products, including many different router models, mounting different firmware versions. In this document I will address the following firmware versions: DIR-880L, DIR-868L, DIR-890L, DIR-885L and DIR-895L. Without any further