CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2014-7859

CVSS 9.8v3.0pub. 2017-08-25upd. 2026-05-13

Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dnr 320l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dnr 326

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 320lw

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 322l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 327l

    HW
    Dlink
    wszystkie wersje
  • D Link Dnr 320l Firmware

    OS
    D-Link
    ≤ 1.03b04
  • D Link Dnr 326 Firmware

    OS
    D-Link
    ≤ 1.40b03
  • D Link Dns 320lw Firmware

    OS
    D-Link
    ≤ 1.03b04
  • D Link Dns 322l Firmware

    OS
    D-Link
    ≤ 2.00b07
  • D Link Dns 327l Firmware

    OS
    D-Link
    ≤ 1.02
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2024-3272CRITICAL9.8⚠ KEVPL ✓ten sam produkt

D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)

CVE-2024-10915CRITICAL9.2PL ✓ten sam produkt

Command injection w D-Link DNS-320/325/340L przez parametr group

CVE-2024-10914CRITICAL9.2PL ✓ten sam produkt

Command injection w D-Link DNS-320/325/340L — zdalne wykonanie poleceń OS

CVE-2014-7857CRITICAL9.8ten sam produkt

D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01,...

CVE-2014-7858CRITICAL9.8ten sam produkt

The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authenticati...