Lucene search

[email protected]NVD:CVE-2014-7859

HistoryAug 25, 2017 - 6:29 p.m.

CVE-2014-7859

2017-08-2518:29:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.429

Percentile

97.4%

JSON

Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed “Host” and “Referer” header values.

Affected configurations

Nvd

Node

d-linkdns-322l_firmwareRange≤2.00b07

AND

dlinkdns-322lMatch-

Node

d-linkdns-320lw_firmwareRange≤1.03b04

AND

dlinkdns-320lwMatch-

Node

d-linkdnr-326_firmwareRange≤1.40b03

AND

dlinkdnr-326Match-

Node

d-linkdns-327l_firmwareRange≤1.02

AND

dlinkdns-327lMatch-

Node

d-linkdnr-320l_firmwareRange≤1.03b04

AND

dlinkdnr-320lMatch-

VendorProductVersionCPE
d-linkdns-322l_firmware*cpe:2.3:o:d-link:dns-322l_firmware:*:*:*:*:*:*:*:*
dlinkdns-322l-cpe:2.3:h:dlink:dns-322l:-:*:*:*:*:*:*:*
d-linkdns-320lw_firmware*cpe:2.3:o:d-link:dns-320lw_firmware:*:*:*:*:*:*:*:*
dlinkdns-320lw-cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*
d-linkdnr-326_firmware*cpe:2.3:o:d-link:dnr-326_firmware:*:*:*:*:*:*:*:*
dlinkdnr-326-cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*
d-linkdns-327l_firmware*cpe:2.3:o:d-link:dns-327l_firmware:*:*:*:*:*:*:*:*
dlinkdns-327l-cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*
d-linkdnr-320l_firmware*cpe:2.3:o:d-link:dnr-320l_firmware:*:*:*:*:*:*:*:*
dlinkdnr-320l-cpe:2.3:h:dlink:dnr-320l:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
d-link	dns-322l_firmware	*	cpe:2.3:o:d-link:dns-322l_firmware::::::::
dlink	dns-322l	-	cpe:2.3:h:dlink:dns-322l:-:::::::*
d-link	dns-320lw_firmware	*	cpe:2.3:o:d-link:dns-320lw_firmware::::::::
dlink	dns-320lw	-	cpe:2.3:h:dlink:dns-320lw:-:::::::*
d-link	dnr-326_firmware	*	cpe:2.3:o:d-link:dnr-326_firmware::::::::
dlink	dnr-326	-	cpe:2.3:h:dlink:dnr-326:-:::::::*
d-link	dns-327l_firmware	*	cpe:2.3:o:d-link:dns-327l_firmware::::::::
dlink	dns-327l	-	cpe:2.3:h:dlink:dns-327l:-:::::::*
d-link	dnr-320l_firmware	*	cpe:2.3:o:d-link:dnr-320l_firmware::::::::
dlink	dnr-320l	-	cpe:2.3:h:dlink:dnr-320l:-:::::::*

References

packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html

seclists.org/fulldisclosure/2015/May/125

www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf

www.securityfocus.com/archive/1/535626/100/200/threaded

www.securityfocus.com/bid/74878

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.429

Percentile

97.4%

JSON

Related for NVD:CVE-2014-7859

prion1 cve1 cvelist1 securityvulns1