CVE-2014-125117

CWE-20 — Improper Input Validation CWE-121 — Stack-based Buffer Overflow3 documents3 sources

Severity

9.3CRITICAL

EPSS

48.5%

top 2.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dsp-w215 Dlink Dsp-w215 Firmware

Timeline

PublishedJul 25

Description

A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5d-link/dsp-w2151.02

▶NVDdlink/dsp-w215_firmware1.02

🔴Vulnerability Details

CVEList

D-Link info.cgi POST Request Stack-Based Buffer Overflow RCE↗2025-07-25

▶

GHSA

GHSA-xwxf-3fv9-8q9p: A stack-based buffer overflow vulnerability in the my_cgi↗2025-07-25

▶