CVE-2014-7859

Name of the Vulnerable Software and Affected Versions D-Link DNR-320L versions prior to 1.04b08 D-Link DNS-320LW versions prior to 1.04b08 D-Link DNR-322L versions prior to 2.10 build 03 D-Link DNR-326 versions prior to 2.10 build 03 D-Link DNS-327L versions prior to 1.04b01

Description The issue is caused by a stack-based buffer overflow in the login mgr.cgi component of the D-Link firmware. This can be exploited by a remote attacker to execute arbitrary code by crafting malformed Host and Referer header values.

Recommendations For D-Link DNR-320L versions prior to 1.04b08, update to version 1.04b08 or later. For D-Link DNS-320LW versions prior to 1.04b08, update to version 1.04b08 or later. For D-Link DNR-322L versions prior to 2.10 build 03, update to version 2.10 build 03 or later. For D-Link DNR-326 versions prior to 2.10 build 03, update to version 2.10 build 03 or later. For D-Link DNS-327L versions prior to 1.04b01, update to version 1.04b01 or later. As a temporary workaround, consider restricting access to the login mgr.cgi component until a patch is available. Avoid using the login mgr.cgi component with untrusted input for the Host and Referer headers.