CVE-2017-14948
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.
Affected (6)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Dlink Dir 868l | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Dlink Dir 890l | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Dlink Dir 885l | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.13b03 |
| Running on/with | Platform Versions |
|---|---|
Dlink Dir 895l | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.08b04 |
| Running on/with | Platform Versions |
|---|---|
Dlink Dir 880l | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.13b03 |
| Running on/with | Platform Versions |
|---|---|
Dlink Dir 895r | All versions |
References (2)
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Timeline
No history available yet.