Details of VAR-202507-2683

ID

VAR-202507-2683

CVE

CVE-2014-125117

TITLE

D-Link Corporation of DSP-W215 Wi-Fi Smart Plug Firmware Input Validation Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-014666

DESCRIPTION

A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges. D-Link Corporation of DSP-W215 Wi-Fi Smart Plug The firmware contains input validation vulnerabilities and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2014-125117 // JVNDB: JVNDB-2025-014666

AFFECTED PRODUCTS

vendor:	dlink	model:	dsp-w215	scope:	eq	version:	1.02	Trust: 1.0
vendor:	d link	model:	dsp-w215 wi-fi smart plug	scope:	eq	version:	dsp-w215 wi-fi smart plug firmware 1.02	Trust: 0.8
vendor:	d link	model:	dsp-w215 wi-fi smart plug	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dsp-w215 wi-fi smart plug	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-014666 // NVD: CVE-2014-125117

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-125117
value:	CRITICAL
Trust: 1.0
disclosure@vulncheck.com:	CVE-2014-125117
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2014-125117
value:	CRITICAL
Trust: 0.8

nvd@nist.gov:	CVE-2014-125117
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2014-125117
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-014666 // NVD: CVE-2014-125117 // NVD: CVE-2014-125117

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Inappropriate input confirmation (CWE-20) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-014666 // NVD: CVE-2014-125117

EXTERNAL IDS

db:	NVD	id:	CVE-2014-125117	Trust: 2.6
db:	EXPLOIT-DB	id:	34063	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-014666	Trust: 0.8

sources: JVNDB: JVNDB-2025-014666 // NVD: CVE-2014-125117

REFERENCES

url:	https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dspw215_info_cgi_bof.rb	Trust: 1.8
url:	https://web.archive.org/web/20140525215526/http://www.devttys0.com/2014/05/hacking-the-dspw215-again/	Trust: 1.8
url:	https://www.exploit-db.com/exploits/34063	Trust: 1.8
url:	https://www.fortiguard.com/encyclopedia/ips/38932/d-link-info-cgi-post-request-buffer-overflow	Trust: 1.8
url:	https://www.vulncheck.com/advisories/dlink-stack-based-buffer-overflow-rce	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-125117	Trust: 0.8

sources: JVNDB: JVNDB-2025-014666 // NVD: CVE-2014-125117

SOURCES

db:	JVNDB	id:	JVNDB-2025-014666
db:	NVD	id:	CVE-2014-125117

LAST UPDATE DATE

2025-10-02T23:38:22.787000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-014666	date:	2025-09-30T07:35:00
db:	NVD	id:	CVE-2014-125117	date:	2025-09-23T18:03:59.860

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-014666	date:	2025-09-30T00:00:00
db:	NVD	id:	CVE-2014-125117	date:	2025-07-25T16:15:26.213