CVE-2014-3931
Published 2017-03-31
CVE-2014-3931: fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.
Priority P182 · critical · 9.8 (CVSS 3.1)
CISA Known Exploited Vulnerability, due 2025-07-28
Exploited in the wild
EPSS: 26.57% (97.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| multi-router_looking_glass_project | multi-router_looking_glass | <= 5.4.1 | — |
Detection & IOCs (extracted from sources)
- Vulnerable component is fastping.c in MRLG (Multi-Router Looking Glass) before version 5.5.0; monitor for exploitation attempts targeting this component via network-facing MRLG instances
- Detect buffer overflow exploitation attempts against publicly exposed Multi-Router Looking Glass (MRLG) services; anomalous memory write patterns or crashes in MRLG processes may indicate active exploitation
- MRLG instances prior to version 5.5.0 are vulnerable; upgrade to 5.5.0 or later per vendor instructions at the referenced project URL
- CISA mandates remediation by 2025-07-28; if mitigations are unavailable, discontinue use of the product
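CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |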
GHSA
GHSA-vwmm-77c8-pxrj: fastping
ghsa_unreviewed·2022-05-17
CVE-2014-3931 [CRITICAL] CWE-119 GHSA-vwmm-77c8-pxrj: fastping
fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.
VulnCheck
Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
vulncheck·2014·CVSS 9.8
CVE-2014-3931 [CRITICAL] CWE-119 Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption.
Affected: Looking Glass Multi-Router Looking Glass (MRLG)
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.rapid7.com/cdn/assets/bltbd2f1cd70f9e3e7f/691360b9c91291146f1a5308/threat-landscape-report-q3-2025.pdf; https://cyble.com/resources/research-reports/global-cybersecurity-report/; https://www.loginsoft.c
CISA
Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
cisa·2025-07-07·CVSS 9.8
CVE-2014-3931 [CRITICAL] CWE-119 Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
Vulnerability: Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
Affected: Looking Glass Multi-Router Looking Glass (MRLG)
Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://mrlg.op-sec.us/ ; https://nvd.nist.gov/vuln/detail/CVE-2014-3931
Remediation Due Date: 2025-07-28
No detection rules found.
No public exploits indexed.
Talos
Looking Glasses with Bacon
blogs_talos·2014-09-11
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian third-year Ph.D. student at the Software and Systems Security Group at Institut Eurecom in Sophia-Antipolis (France) under the supervision of professor Davide Balzarotti. My research interests are memory forensics and automated malware analysis and currently I am an intern at Cisco in the Talos Security Intelligence and Research Group under the guidance of Alain Zidouemba for the next three months. This post is not about my current project at Cisco but is about my DEF CON talk.
At DEF CON 22 last month, I presented with my former colleague Luca Bruno an offensive research about Looking Glass software security. At the time we contacted all the Autonomous Systems (ASes) involved, as
HackerOne
Multiple issues in looking-glass software (aka from web to BGP injections)
hackerone·2014-09-17
During the month of May 2014 we performed an offensive security analysis, trying to find how hard it would be for a low-to-medium skilled attacker to disrupt the core of the Internet (i.e. achieve the largest possible impact at the lowest common layer, with minimal resources). This is a confidential report on our results, showing vulnerabilities and incidents which have been properly reported in the meanwhile (authors contacted, CVE assigned, patches written and incidents handled).
Motivations
The targets of our analysis are looking-glasses, web applications hosted by Autonomous Systems to offer restricted public access in order to debug network connectivity issues. We identified them as possible weak links because:
2017-03-31: Published
2025-07-07: Added to CISA KEV
Exploited in the wild