Executive Summary

Informations
Name CVE-2014-3936 First vendor Publication 2014-06-02
Vendor Cve Last vendor Modification 2023-04-26

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3936

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 1
Hardware 1
Hardware 1

Snort® IPS/IDS

Date Description
2014-11-16 D-Link Multiple Products HNAP request buffer overflow attempt
RuleID : 31529 - Revision : 4 - Type : SERVER-OTHER

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/67651
CONFIRM http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10027
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10029
MISC http://packetstormsecurity.com/files/127427/D-Link-HNAP-Request-Remote-Buffer...
http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug
SECUNIA http://secunia.com/advisories/58728
http://secunia.com/advisories/58972

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
Date Informations
2023-04-27 00:28:01
  • Multiple Updates
2020-05-23 13:17:05
  • Multiple Updates
2020-05-23 01:52:20
  • Multiple Updates
2020-05-23 00:41:16
  • Multiple Updates
2016-04-27 00:55:59
  • Multiple Updates
2015-10-08 21:23:18
  • Multiple Updates
2015-05-21 00:27:40
  • Multiple Updates
2015-05-19 21:28:41
  • Multiple Updates
2015-05-14 21:28:07
  • Multiple Updates
2015-05-14 09:26:45
  • Multiple Updates
2014-11-16 21:25:06
  • Multiple Updates
2014-07-11 21:22:39
  • Multiple Updates
2014-06-03 17:21:36
  • Multiple Updates
2014-06-02 21:24:08
  • First insertion