First published: Mon Oct 14 2019
Certain D-Link products are affected by a buffer overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is remote arbitrary code execution. The vulnerable component is htdocs/fileaccess.cgi. The attack vector is a crafted HTTP request handled by fileaccess.cgi, which could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with 'boundary=' followed by more than 256 characters, a buffer overflow is triggered, potentially leading to code execution.
Credit: cve@mitre.org
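The fix for this class of bug is to check the boundary length before copying it into a fixed-size buffer. The following is an added example, not D-Link firmware code and not part of the original advisory; the function name `extract_boundary`, the delimiter set and the 256-byte destination size (taken from the advisory's 256-character limit) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BOUNDARY_MAX 256 /* assumed buffer size, from the advisory's 256-character limit */

/*
 * Hypothetical helper: copy the multipart boundary from a CONTENT_TYPE value
 * into out[out_len]. Returns the boundary length, or -1 if the parameter is
 * missing, empty, or would not fit together with its NUL terminator.
 * An unchecked copy at this point is the pattern the advisory describes.
 */
int extract_boundary(const char *content_type, char *out, size_t out_len)
{
    static const char key[] = "boundary=";
    const char *p;
    size_t len;

    if (content_type == NULL || out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';

    p = strstr(content_type, key);
    if (p == NULL)
        return -1;
    p += sizeof(key) - 1;

    /* The boundary ends at the first delimiter or at the end of the string. */
    len = strcspn(p, "; \t\r\n");
    if (len == 0 || len >= out_len)
        return -1; /* reject rather than truncate or overflow */

    memcpy(out, p, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    char out[BOUNDARY_MAX];
    char big[9 + 300 + 1] = "boundary="; /* constructed oversized header value */

    memset(big + 9, 'A', 300);
    printf("%d\n", extract_boundary("multipart/form-data; boundary=abc123", out, sizeof out));
    printf("%d\n", extract_boundary(big, out, sizeof out));
    return 0;
}
```

Rejecting the request is preferable to truncating the value, since a truncated boundary would make the multipart body parse incorrectly.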
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-868l Firmware | | |
Dlink Dir-868l | | |
Dlink Dir-890l Firmware | | |
Dlink Dir-890l | | |
Dlink Dir-885l Firmware | | |
Dlink Dir-885l | | |
Dlink Dir-895l Firmware | =1.13b03 | |
Dlink Dir-895l | | |
Dlink Dir-880l Firmware | =1.08b04 | |
Dlink Dir-880l | | |
Dlink Dir-895r Firmware | =1.13b03 | |
Dlink Dir-895r | | |
The severity of CVE-2017-14948 is critical with a score of 9.8.
DIR-880L 1.08B04 and DIR-895 L/R 1.13b03 are affected by CVE-2017-14948.
The impact of CVE-2017-14948 is the ability to execute arbitrary code remotely.
The vulnerable component in CVE-2017-14948 is htdocs/fileaccess.cgi.
An attacker can exploit CVE-2017-14948 by sending a crafted HTTP request to fileaccess.cgi.