CVE-2014-7859

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.8CRITICAL

EPSS

11.4%

top 6.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dnr-320l Firmware D-link Dnr-326 Firmware D-link Dns-320lw Firmware +2 more

Timeline

PublishedAug 25

Latest updateMay 14

Description

Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶NVDd-link/dns-320lw_firmware1.03b04

▶NVDd-link/dnr-320l_firmware1.03b04

▶NVDd-link/dns-322l_firmware2.00b07

▶NVDd-link/dns-327l_firmware1.02

▶NVDd-link/dnr-326_firmware1.40b03

🔴Vulnerability Details

GHSA

GHSA-82v9-g947-fhvr: Stack-based buffer overflow in login_mgr↗2022-05-14

▶

CVEList

CVE-2014-7859: Stack-based buffer overflow in login_mgr↗2017-08-25

▶