Stack-based Buffer Overflow in D-Link DSP-W215, DIR-505, and DIR-505L Allows Remote Code Execution

Stack-based Buffer Overflow in D-Link DSP-W215, DIR-505, and DIR-505L Allows Remote Code Execution

CVE-2014-3936 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.

Learn more about our Web Application Penetration Testing UK.