What is CVE-2017-8414?

CVE-2017-8414 is an issue discovered on D-Link DCS-1100 and DCS-1130 devices, where the binary orthrus in the /sbin folder of the device handles all the UPnP connections received, and has a command injection and stack overflow vulnerability.

How does CVE-2017-8414 affect D-Link DCS-1100 devices?

CVE-2017-8414 affects D-Link DCS-1100 devices running vulnerable firmware versions, allowing attackers to exploit the command injection and stack overflow vulnerability.

How does CVE-2017-8414 affect D-Link DCS-1130 devices?

CVE-2017-8414 affects D-Link DCS-1130 devices running vulnerable firmware versions, allowing attackers to exploit the command injection and stack overflow vulnerability.

What is the severity of CVE-2017-8414?

CVE-2017-8414 has a severity rating of 7.8 (high).

How can CVE-2017-8414 be fixed?

To fix CVE-2017-8414, D-Link DCS-1100 and DCS-1130 device users should update to the latest firmware version provided by D-Link.

Vulnerability/
CVE-2017-8414

high

7.8

CWE

119

2/7/2019

5/8/2024

CVE-2017-8414: Buffer Overflow

First published: Tue Jul 02 2019(Updated: )

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command line parameter "-f" and stores it on the stack. Since there is no length check, this results in corrupting the registers for the function sub_A098 which results in memory corruption.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Dlink Dcs-1100 Firmware
Dlink Dcs-1100
Dlink Dcs-1130 Firmware
Dlink Dcs-1130

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-8414?
CVE-2017-8414 is an issue discovered on D-Link DCS-1100 and DCS-1130 devices, where the binary orthrus in the /sbin folder of the device handles all the UPnP connections received, and has a command injection and stack overflow vulnerability.
How does CVE-2017-8414 affect D-Link DCS-1100 devices?
CVE-2017-8414 affects D-Link DCS-1100 devices running vulnerable firmware versions, allowing attackers to exploit the command injection and stack overflow vulnerability.
How does CVE-2017-8414 affect D-Link DCS-1130 devices?
CVE-2017-8414 affects D-Link DCS-1130 devices running vulnerable firmware versions, allowing attackers to exploit the command injection and stack overflow vulnerability.
What is the severity of CVE-2017-8414?
CVE-2017-8414 has a severity rating of 7.8 (high).
How can CVE-2017-8414 be fixed?
To fix CVE-2017-8414, D-Link DCS-1100 and DCS-1130 device users should update to the latest firmware version provided by D-Link.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/references
agent/severity
agent/author
agent/description
agent/first-publish-date
agent/tags
agent/event
vendor/dlink
canonical/dlink dcs-1100 firmware
canonical/dlink dcs-1100
canonical/dlink dcs-1130 firmware
canonical/dlink dcs-1130

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.