What is CVE-2014-3936?

CVE-2014-3936 is a vulnerability in Dlink Dir-505l_shareport_mobile_companion, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-06-02.

Is CVE-2014-3936 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Dlink Dir-505l_shareport_mobile_companion

CVE-2014-3936

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers…

Vulnerability class: Buffer Overflow

EPSS: 0.843 (99.3th percentile) — read the EPSS interpretation.

Affected products

Dlink Dir-505l_shareport_mobile_companion — versions a1
Dlink Dir505l_shareport_mobile_companion_firmware
Dlink Dir505_shareport_mobile_companion — versions a1
Dlink Dir505_shareport_mobile_companion_firmware
Dlink Dsp-w215 — versions a1
Dlink Dsp-w215_firmware
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (Exploit, x_refsource_MISC)
58728 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (Exploit, x_refsource_MISC)
58972 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
67651 (Exploit, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2014-3936?: CVE-2014-3936 is a vulnerability in Dlink Dir-505l_shareport_mobile_companion, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-06-02.
Is CVE-2014-3936 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.