What is CVE-2014-125117?

CVE-2014-125117 is a vulnerability in D-link Dsp-w215, classified under Stack-based Buffer Overflow. Published 2025-07-25.

Is CVE-2014-125117 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in D-link Dsp-w215

CVE-2014-125117

A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw…

Vulnerability class: Buffer Overflow

EPSS: 0.625 (98.4th percentile) — read the EPSS interpretation.

Affected products

D-link Dsp-w215 — versions 1.02

Weakness classification (CWE)

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/l… (exploit)
www.exploit-db.com/exploits/34063 (exploit)
web.archive.org/web/20140525215526/http://www.devttys0.com/2014/05/hacking-the-… (technical-description, exploit)
www.fortiguard.com/encyclopedia/ips/38932/d-link-info-cgi-post-request-buffer-o… (third-party-advisory)
www.vulncheck.com/advisories/dlink-stack-based-buffer-overflow-rce (third-party-advisory)

Frequently asked questions

What is CVE-2014-125117?: CVE-2014-125117 is a vulnerability in D-link Dsp-w215, classified under Stack-based Buffer Overflow. Published 2025-07-25.
Is CVE-2014-125117 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.