CVE-2014-7859
published 2017-08-25CVE-2014-7859: Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| d-link | dnr-320l_firmware | <= 1.03b04 | — |
| d-link | dnr-326_firmware | <= 1.40b03 | — |
| d-link | dns-320lw_firmware | <= 1.03b04 | — |
| d-link | dns-322l_firmware | <= 2.00b07 | — |
| d-link | dns-327l_firmware | <= 1.02 | — |