CVE-2014-3936
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.
Severity
N/A
EPSS
Probability of exploitation (next 30 days): 0.8433 (84.3%)
Percentile: 99.3%
EPSS: 2026-05-06
Affects
- dlink:dir505_shareport_mobile_companion_firmware
- dlink:dir505_shareport_mobile_companion
- dlink:dir505l_shareport_mobile_companion_firmware
- dlink:dir-505l_shareport_mobile_companion
- dlink:dsp-w215_firmware
- dlink:dsp-w215
Technical description
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.
Published: 6/2/2014, 2:55:04 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://packetstormsecurity.com/files/127427/D-Link-HNAP-Request-Remote-Buffer-Overflow.html
- http://secunia.com/advisories/58728
- http://secunia.com/advisories/58972
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10027
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10029
- http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug
- http://www.securityfocus.com/bid/67651