A vulnerability, which was classified as critical, has been found in D-Link DNR-320L, DNS-320LW, DNR-322L, DNR-326 and DNS-327L. Affected by this issue is some unknown processing of the file login_mgr.cgi of the component HTTP Header Handler. The manipulation of the argument Host/Referer with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:

Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.

The bug was discovered 10/03/2014. The weakness was shared 08/25/2017 with Search-Laboratory Ltd. as not defined posting (Bugtraq). The advisory is available at securityfocus.com. This vulnerability is handled as CVE-2014-7859 since 10/03/2014. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are known, but there is no available exploit.

The vulnerability was handled as a non-public zero-day exploit for at least 1057 days. During that time the estimated underground price was around $5k-$25k.

Upgrading eliminates this vulnerability.

The entries 105732, 105733 and 105735 are related to this item.

Productinfo

Vendor

• D-Link

Name

• DNR-320L
• DNR-322L
• DNR-326
• DNS-320LW
• DNS-327L

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion