ID

VAR-201406-0365


CVE

CVE-2014-3936


TITLE

Stack-based buffer overflow vulnerability in multiple D-Link network product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-002721

DESCRIPTION

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request. D-Link specializes in the design and development of wireless network and Ethernet hardware products. The "do_hnap()" function (/www/my_cgi.cgi) has a boundary error when processing the "Content-Length" header, which a remote attacker can exploit to cause a stack buffer overflow through a specially crafted SOAP "GetDeviceSettings" HNAP request. The D-Link DSP-W215, DIR-505 and DIR-505L are products of D-Link. The D-Link DSP-W215 is a Wi-Fi smart socket; the D-Link DIR-505 and DIR-505L are portable wireless routers. DIR-505 and DIR-505L are prone to a stack-based buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. The following versions are affected: D-Link DSP-W215 (Rev

Trust: 3.6

sources: NVD: CVE-2014-3936 // JVNDB: JVNDB-2014-002721 // CNVD: CNVD-2014-03317 // CNVD: CNVD-2014-03544 // CNVD: CNVD-2014-03220 // BID: 67651 // VULHUB: VHN-71876

IOT TAXONOMY

category: ['IoT', 'Network device'] sub_category: -

Trust: 1.2

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-03317 // CNVD: CNVD-2014-03544 // CNVD: CNVD-2014-03220

AFFECTED PRODUCTS

vendor: dlink model: dsp-w215 scope: lte version: 1.01

Trust: 1.0

vendor: dlink model: dir505l shareport mobile companion scope: lte version: 1.01

Trust: 1.0

vendor: dlink model: dir505 shareport mobile companion scope: lte version: 1.07

Trust: 1.0

vendor: dlink model: dir-505l shareport mobile companion scope: eq version: a1

Trust: 1.0

vendor: dlink model: dsp-w215 scope: eq version: a1

Trust: 1.0

vendor: dlink model: dir505 shareport mobile companion scope: eq version: a1

Trust: 1.0

vendor: d link model: dir-505 shareport mobile companion scope: eq version: ax

Trust: 0.8

vendor: d link model: dir-505 shareport mobile companion scope: lt version: 1.08b10

Trust: 0.8

vendor: d link model: dir-505l shareport mobile companion scope: eq version: ax

Trust: 0.8

vendor: d link model: dir-505l shareport mobile companion scope: lte version: 1.01

Trust: 0.8

vendor: d link model: dsp-w215 wi-fi smart plug scope: eq version: a1

Trust: 0.8

vendor: d link model: dsp-w215 wi-fi smart plug scope: lte version: 1.01b06

Trust: 0.8

vendor: d link model: dir-505 scope: - version: -

Trust: 0.6

vendor: d link model: dir-505l scope: - version: -

Trust: 0.6

vendor: d link model: dsp-w215 a1 scope: - version: -

Trust: 0.6

vendor: d link model: dsp-w215 <=1.01:b06 scope: - version: -

Trust: 0.6

vendor: d link model: dir505 shareport mobile companion scope: lte version: <=1.07

Trust: 0.6

vendor: d link model: dir505 shareport mobile companion a1 scope: - version: -

Trust: 0.6

vendor: d link model: dir-505l shareport mobile companion a1 scope: - version: -

Trust: 0.6

vendor: d link model: dsp-w215 scope: - version: -

Trust: 0.6

vendor: d link model: dsp-w215 scope: eq version: 1.01

Trust: 0.6

vendor: d link model: dir505l shareport mobile companion scope: eq version: 1.01

Trust: 0.6

vendor: d link model: dir505 shareport mobile companion scope: eq version: 1.07

Trust: 0.6

sources: CNVD: CNVD-2014-03317 // CNVD: CNVD-2014-03544 // CNVD: CNVD-2014-03220 // JVNDB: JVNDB-2014-002721 // CNNVD: CNNVD-201406-009 // NVD: CVE-2014-3936

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3936
value: HIGH

Trust: 1.0

NVD: CVE-2014-3936
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-03317
value: HIGH

Trust: 0.6

CNVD: CNVD-2014-03544
value: HIGH

Trust: 0.6

CNVD: CNVD-2014-03220
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201406-009
value: HIGH

Trust: 0.6

VULHUB: VHN-71876
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-3936
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-03317
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2014-03544
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2014-03220
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71876
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-03317 // CNVD: CNVD-2014-03544 // CNVD: CNVD-2014-03220 // VULHUB: VHN-71876 // JVNDB: JVNDB-2014-002721 // CNNVD: CNNVD-201406-009 // NVD: CVE-2014-3936

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-71876 // JVNDB: JVNDB-2014-002721 // NVD: CVE-2014-3936

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-009

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201406-009

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002721

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-71876

PATCH

title: SAP10027 url: http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10027

Trust: 0.8

title: SAP10029 url: http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10029

Trust: 0.8

title: Patch for DIR-505 and DIR-505L Stack Buffer Overflow Vulnerabilities url: https://www.cnvd.org.cn/patchInfo/show/45972

Trust: 0.6

title: Patch for multiple D-Link product buffer overflow vulnerabilities url: https://www.cnvd.org.cn/patchInfo/show/46250

Trust: 0.6

title: D-Link DSP-W215 HNAP 'GetDeviceSettings' Patch for Buffer Overflow Vulnerability url: https://www.cnvd.org.cn/patchInfo/show/45812

Trust: 0.6

title: DIR-505_FIRMWARE_1.08B10 url: http://123.124.177.30/web/xxk/bdxqById.tag?id=50409

Trust: 0.6

sources: CNVD: CNVD-2014-03317 // CNVD: CNVD-2014-03544 // CNVD: CNVD-2014-03220 // JVNDB: JVNDB-2014-002721 // CNNVD: CNNVD-201406-009

EXTERNAL IDS

db: NVD id: CVE-2014-3936

Trust: 3.4

db: BID id: 67651

Trust: 3.2

db: SECUNIA id: 58972

Trust: 2.3

db: DLINK id: SAP10029

Trust: 2.3

db: DLINK id: SAP10027

Trust: 2.3

db: SECUNIA id: 58728

Trust: 1.7

db: PACKETSTORM id: 127427

Trust: 1.7

db: JVNDB id: JVNDB-2014-002721

Trust: 0.8

db: CNNVD id: CNNVD-201406-009

Trust: 0.7

db: CNVD id: CNVD-2014-03317

Trust: 0.6

db: CNVD id: CNVD-2014-03544

Trust: 0.6

db: OSVDB id: 107049

Trust: 0.6

db: CNVD id: CNVD-2014-03220

Trust: 0.6

db: EXPLOIT-DB id: 34064

Trust: 0.1

db: SEEBUG id: SSVID-87136

Trust: 0.1

db: VULHUB id: VHN-71876

Trust: 0.1

sources: CNVD: CNVD-2014-03317 // CNVD: CNVD-2014-03544 // CNVD: CNVD-2014-03220 // VULHUB: VHN-71876 // BID: 67651 // JVNDB: JVNDB-2014-002721 // CNNVD: CNNVD-201406-009 // NVD: CVE-2014-3936

REFERENCES

url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10029

Trust: 2.3

url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10027

Trust: 2.3

url:http://www.securityfocus.com/bid/67651

Trust: 1.7

url:http://packetstormsecurity.com/files/127427/d-link-hnap-request-remote-buffer-overflow.html

Trust: 1.7

url:http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug

Trust: 1.7

url:http://secunia.com/advisories/58728

Trust: 1.7

url:http://secunia.com/advisories/58972

Trust: 1.7

url:http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug/

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3936

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3936

Trust: 0.8

url:http://secunia.com/advisories/58972/

Trust: 0.6

url:http://osvdb.com/show/osvdb/107049

Trust: 0.6

sources: CNVD: CNVD-2014-03317 // CNVD: CNVD-2014-03544 // CNVD: CNVD-2014-03220 // VULHUB: VHN-71876 // JVNDB: JVNDB-2014-002721 // CNNVD: CNNVD-201406-009 // NVD: CVE-2014-3936

CREDITS

Craig

Trust: 0.3

sources: BID: 67651

SOURCES

db: CNVD id: CNVD-2014-03317
db: CNVD id: CNVD-2014-03544
db: CNVD id: CNVD-2014-03220
db: VULHUB id: VHN-71876
db: BID id: 67651
db: JVNDB id: JVNDB-2014-002721
db: CNNVD id: CNNVD-201406-009
db: NVD id: CVE-2014-3936

LAST UPDATE DATE

2025-04-13T23:26:54.431000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2014-03317 date: 2014-05-29T00:00:00
db: CNVD id: CNVD-2014-03544 date: 2014-06-11T00:00:00
db: CNVD id: CNVD-2014-03220 date: 2014-05-23T00:00:00
db: VULHUB id: VHN-71876 date: 2015-10-08T00:00:00
db: BID id: 67651 date: 2014-07-21T01:00:00
db: JVNDB id: JVNDB-2014-002721 date: 2014-06-04T00:00:00
db: CNNVD id: CNNVD-201406-009 date: 2023-04-27T00:00:00
db: NVD id: CVE-2014-3936 date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD id: CNVD-2014-03317 date: 2014-05-29T00:00:00
db: CNVD id: CNVD-2014-03544 date: 2014-06-11T00:00:00
db: CNVD id: CNVD-2014-03220 date: 2014-05-23T00:00:00
db: VULHUB id: VHN-71876 date: 2014-06-02T00:00:00
db: BID id: 67651 date: 2014-05-15T00:00:00
db: JVNDB id: JVNDB-2014-002721 date: 2014-06-04T00:00:00
db: CNNVD id: CNNVD-201406-009 date: 2014-06-04T00:00:00
db: NVD id: CVE-2014-3936 date: 2014-06-02T14:55:04.263