|
|
|||
| Rule General Information |
|---|
| Release Date: | 2015-09-11 | |
| Rule Name: | D-link HNAP Request Stack Buffer Overflow Vulnerability -1 (CVE-2014-3936) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request. | |
| Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks include arbitrary code execution and denial of service. | |
| Affected OS: | Network Device, Linux | |
| Reference: | SecurityFocusBID:67651 |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10027 http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10029 |