CVE-2014-7859

Published: Aug 25, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.

Affected (5)

Products: D Link: Dns 322l Firmware, Dns 320lw Firmware, Dnr 326 Firmware, Dns 327l Firmware, Dnr 320l Firmware

5 products

Dns 322l Firmware

Dns 320lw Firmware

Dnr 326 Firmware

Dns 327l Firmware

Dnr 320l Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dns 322l Firmware	Up to 2.00b07

Running on/with	Platform Versions
Dlink Dns 322l	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dns 320lw Firmware	Up to 1.03b04

Running on/with	Platform Versions
Dlink Dns 320lw	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dnr 326 Firmware	Up to 1.40b03

Running on/with	Platform Versions
Dlink Dnr 326	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dns 327l Firmware	Up to 1.02

Running on/with	Platform Versions
Dlink Dns 327l	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dnr 320l Firmware	Up to 1.03b04

Running on/with	Platform Versions
Dlink Dnr 320l	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (10)

http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2015/May/125

Source: cve@mitre.org

Mailing ListThird Party AdvisoryVDB Entry

http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

http://www.securityfocus.com/archive/1/535626/100/200/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/74878

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2015/May/125

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party AdvisoryVDB Entry

http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

http://www.securityfocus.com/archive/1/535626/100/200/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/74878

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.