|
|||
Rule General Information |
---|
Release Date: | 2015-09-11 | |
Rule Name: | D-link HNAP Request Stack Buffer Overflow Vulnerability -1 (CVE-2014-3936) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request. | |
Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks include arbitrary code execution and denial of service. | |
Affected OS: | Network Device, Linux | |
Reference: | SecurityFocusBID:67651 |
|
Solutions |
---|
More advisories have been published on the website, please visit for more suggestions: http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10027 http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10029 |