Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-3936

CWE-119Buffer Overflow7 documents5 sources
Severity
10.0CRITICAL
EPSS
84.3%
top 0.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Dlink Dir505 Shareport Mobile Companion FirmwareDlink Dir505l Shareport Mobile Companion FirmwareDlink Dsp-w215 Firmware+3 more
Timeline
PublishedJun 2
Latest updateMay 12

Description

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages6 packages

🔴Vulnerability Details

2
GHSA
GHSA-x263-j2r5-q3m7: Stack-based buffer overflow in the do_hnap function in www/my_cgi2022-05-17
CVEList
CVE-2014-3936: Stack-based buffer overflow in the do_hnap function in www/my_cgi2014-06-02

💥Exploits & PoCs

1
Exploit-DB
D-Link HNAP - Request Remote Buffer Overflow (Metasploit)2014-07-14

🔍Detection Rules

3
Suricata
ET EXPLOIT D-Link HNAP - Request Remote Buffer Overflow M2 (CVE-2014-3936)2025-05-12
Suricata
ET EXPLOIT D-Link HNAP - Request Remote Buffer Overflow M3 (CVE-2014-3936)2025-05-12
Suricata
ET EXPLOIT D-Link HNAP - Request Remote Buffer Overflow M1 (CVE-2014-3936)2025-05-12