Details of VAR-201411-0143

ID

VAR-201411-0143

CVE

CVE-2014-1635

TITLE

Belkin N750 Router F9K1103 Firmware MiniHttpd Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2014-005443

DESCRIPTION

Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter. The Belkin N750 DB Wi-Fi Gigabit Router is a router that combines multiple video streams with up to 900 Mbps of wireless network connectivity and multi-player online game speed + routing speed. The Belkin N750 DB Wi-Fi Gigabit Router has a buffer overflow vulnerability due to the program not fully checking the user-supplied data. An attacker could exploit this vulnerability to execute arbitrary code or initiate a denial of service on an affected device. Belkin N750 is a dual-band wireless router product of Belkin. MiniHttpd is an embedded HTTP web server for it

Trust: 2.61

sources: NVD: CVE-2014-1635 // JVNDB: JVNDB-2014-005443 // CNVD: CNVD-2014-08196 // BID: 70977 // VULHUB: VHN-69574 // VULMON: CVE-2014-1635

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-08196

AFFECTED PRODUCTS

vendor:	belkin	model:	n750 wireless router	scope:	lte	version:	1.10.16n	Trust: 1.0
vendor:	belkin	model:	n750 wireless router	scope:	eq	version:	f9k1103	Trust: 1.0
vendor:	belkin	model:	play n750 db wireless dual-band n+ router	scope:	eq	version:	f9k1103	Trust: 0.8
vendor:	belkin	model:	play n750 db wireless dual-band n+ router	scope:	lt	version:	1.10.17	Trust: 0.8
vendor:	belkin	model:	n750 db wi-fi gigabit router	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	n750 wireless router	scope:	eq	version:	1.10.16n	Trust: 0.6

sources: CNVD: CNVD-2014-08196 // JVNDB: JVNDB-2014-005443 // CNNVD: CNNVD-201411-178 // NVD: CVE-2014-1635

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-1635
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-1635
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-08196
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201411-178
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-69574
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-1635
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-1635
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2014-08196
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-69574
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-08196 // VULHUB: VHN-69574 // VULMON: CVE-2014-1635 // JVNDB: JVNDB-2014-005443 // CNNVD: CNNVD-201411-178 // NVD: CVE-2014-1635

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-69574 // JVNDB: JVNDB-2014-005443 // NVD: CVE-2014-1635

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-178

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201411-178

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005443

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-69574 // VULMON: CVE-2014-1635

PATCH

title:	Play N750 DB Wireless Dual-Band N+ Router, F9K1103 - Firmware	url:	http://www.belkin.com/us/support-article?articleNum=4831	Trust: 0.8
title:	F9K1103_WW_1.10.17	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52473	Trust: 0.6
title:	hacking_etudes	url:	https://github.com/unbalancedparentheses/hacking_etudes	Trust: 0.1
title:	api.greynoise.io	url:	https://github.com/GreyNoise-Intelligence/api.greynoise.io	Trust: 0.1
title:	exploit-development	url:	https://github.com/cranelab/exploit-development	Trust: 0.1
title:	-	url:	https://github.com/paulveillard/cybersecurity-exploit-development	Trust: 0.1
title:	WindowsExploitDev	url:	https://github.com/whichbuffer/WindowsExploitDev	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/serious-root-access-bug-in-belkin-n750-router/109247/	Trust: 0.1

sources: VULMON: CVE-2014-1635 // JVNDB: JVNDB-2014-005443 // CNNVD: CNNVD-201411-178

EXTERNAL IDS

db:	NVD	id:	CVE-2014-1635	Trust: 3.5
db:	BID	id:	70977	Trust: 2.7
db:	EXPLOIT-DB	id:	35184	Trust: 1.8
db:	OSVDB	id:	114345	Trust: 1.8
db:	SECTRACK	id:	1031210	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-005443	Trust: 0.8
db:	CNNVD	id:	CNNVD-201411-178	Trust: 0.7
db:	CNVD	id:	CNVD-2014-08196	Trust: 0.6
db:	PACKETSTORM	id:	130973	Trust: 0.1
db:	SEEBUG	id:	SSVID-87334	Trust: 0.1
db:	VULHUB	id:	VHN-69574	Trust: 0.1
db:	VULMON	id:	CVE-2014-1635	Trust: 0.1

sources: CNVD: CNVD-2014-08196 // VULHUB: VHN-69574 // VULMON: CVE-2014-1635 // BID: 70977 // JVNDB: JVNDB-2014-005443 // CNNVD: CNNVD-201411-178 // NVD: CVE-2014-1635

REFERENCES

url:	https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/	Trust: 2.9
url:	https://labs.integrity.pt/advisories/cve-2014-1635/	Trust: 2.6
url:	http://www.securityfocus.com/bid/70977	Trust: 1.9
url:	http://www.belkin.com/us/support-article?articlenum=4831	Trust: 1.8
url:	http://www.exploit-db.com/exploits/35184	Trust: 1.8
url:	http://osvdb.org/show/osvdb/114345	Trust: 1.8
url:	http://www.securitytracker.com/id/1031210	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1635	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1635	Trust: 0.8
url:	http://www.securityfocus.com/bid/70977/info	Trust: 0.6
url:	http://www.belkin.com/us/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://github.com/unbalancedparentheses/hacking_etudes	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/35184/	Trust: 0.1
url:	https://threatpost.com/serious-root-access-bug-in-belkin-n750-router/109247/	Trust: 0.1

sources: CNVD: CNVD-2014-08196 // VULHUB: VHN-69574 // VULMON: CVE-2014-1635 // BID: 70977 // JVNDB: JVNDB-2014-005443 // CNNVD: CNNVD-201411-178 // NVD: CVE-2014-1635

CREDITS

Marco Vaz

Trust: 0.3

sources: BID: 70977

SOURCES

db:	CNVD	id:	CNVD-2014-08196
db:	VULHUB	id:	VHN-69574
db:	VULMON	id:	CVE-2014-1635
db:	BID	id:	70977
db:	JVNDB	id:	JVNDB-2014-005443
db:	CNNVD	id:	CNNVD-201411-178
db:	NVD	id:	CVE-2014-1635

LAST UPDATE DATE

2025-04-13T23:36:30.462000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-08196	date:	2014-11-11T00:00:00
db:	VULHUB	id:	VHN-69574	date:	2016-03-31T00:00:00
db:	VULMON	id:	CVE-2014-1635	date:	2016-03-31T00:00:00
db:	BID	id:	70977	date:	2014-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-005443	date:	2014-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201411-178	date:	2014-12-03T00:00:00
db:	NVD	id:	CVE-2014-1635	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-08196	date:	2014-11-11T00:00:00
db:	VULHUB	id:	VHN-69574	date:	2014-11-12T00:00:00
db:	VULMON	id:	CVE-2014-1635	date:	2014-11-12T00:00:00
db:	BID	id:	70977	date:	2014-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-005443	date:	2014-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201411-178	date:	2014-11-14T00:00:00
db:	NVD	id:	CVE-2014-1635	date:	2014-11-12T16:55:06.513