CVE-2017-14948
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
Certain D-Link products are affected by a buffer overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is remote arbitrary code execution. The component is htdocs/fileaccess.cgi. The attack vector is a crafted HTTP request handled by fileaccess.cgi, which could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with 'boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.
Timeline
- 2017-09-29 CVE Reserved
- 2019-10-14 CVE Published
- 2023-11-23 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
References (1)
URL | Date | SRC |
---|---|---|
https://github.com/badnack/d_link_880_bug/blob/master/README.md | 2024-08-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Dlink | Dir-868l Firmware | - | - | Affected | in | Dlink | Dir-868l | - | - | Safe |
Dlink | Dir-890l Firmware | - | - | Affected | in | Dlink | Dir-890l | - | - | Safe |
Dlink | Dir-885l Firmware | - | - | Affected | in | Dlink | Dir-885l | - | - | Safe |
Dlink | Dir-895l Firmware | 1.13b03 | - | Affected | in | Dlink | Dir-895l | - | - | Safe |
Dlink | Dir-880l Firmware | 1.08b04 | - | Affected | in | Dlink | Dir-880l | - | - | Safe |
Dlink | Dir-895r Firmware | 1.13b03 | - | Affected | in | Dlink | Dir-895r | - | - | Safe |