CVE-2017-14948

Name of the Vulnerable Software and Affected Versions D-Link DIR-880L version 1.08B04 D-Link DIR-895 L/R version 1.13b03

Description The issue allows an attacker to execute arbitrary code remotely. It involves a buffer overflow in the htdocs/fileaccess.cgi component. A crafted HTTP request to this component could trigger the buffer overflow if the HTTP header field CONTENT TYPE starts with 'boundary=' followed by more than 256 characters, potentially leading to code execution.

Recommendations For D-Link DIR-880L version 1.08B04, consider restricting access to the htdocs/fileaccess.cgi component until a patch is available. For D-Link DIR-895 L/R version 1.13b03, consider restricting access to the htdocs/fileaccess.cgi component until a patch is available. As a temporary workaround, avoid using HTTP requests with a CONTENT TYPE header starting with 'boundary=' followed by more than 256 characters to minimize the risk of exploitation.