Vulnerability Details : CVE-2014-3936
Public exploit exists!
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2014-3936
- cpe:2.3:o:dlink:dsp-w215_firmware:*:b06:*:*:*:*:*:*
- cpe:2.3:h:dlink:dsp-w215:a1:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir505_shareport_mobile_companion_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:dlink:dir505_shareport_mobile_companion:a1:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir505l_shareport_mobile_companion_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:dlink:dir-505l_shareport_mobile_companion:a1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3936
96.33%: Probability of exploitation activity in the next 30 days
~ 100%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-3936
- D-Link HNAP Request Remote Buffer Overflow
  Disclosure Date: 2014-05-15
  First seen: 2020-04-26
  exploit/linux/http/dlink_hnap_bof
  This module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is due to a stack based buffer overflow while handling malicious HTTP POST requests addressed to the HNAP handler. This module has been successfully t
CVSS scores for CVE-2014-3936
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2014-3936
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3936
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10027
  D-Link Technical Support (Vendor Advisory)
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10029
  D-Link Technical Support (Vendor Advisory)
- http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug
  Hacking the D-Link DSP-W215 Smart Plug – /dev/ttyS0 (Exploit)
- http://packetstormsecurity.com/files/127427/D-Link-HNAP-Request-Remote-Buffer-Overflow.html
  D-Link HNAP Request Remote Buffer Overflow ≈ Packet Storm (Exploit)
- http://www.securityfocus.com/bid/67651
  DIR-505 and DIR-505L Stack Buffer Overflow Vulnerability (Exploit)