CVE-2014-4927

Name of the Vulnerable Software and Affected Versions ACME micro httpd versions (affected versions not specified) D-Link DSL2750U (affected versions not specified) D-Link DSL2740U (affected versions not specified) NetGear WGR614 (affected versions not specified) NetGear MR-ADSL-DG834 (affected versions not specified)

Description The issue allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request to the '/api' endpoint or similar API endpoints. This can be achieved by exploiting a buffer overflow in the micro httpd component.

Recommendations For ACME micro httpd, consider restricting access to the micro httpd component until a patch is available. For D-Link DSL2750U, restrict access to the vulnerable module to minimize the risk of exploitation. For D-Link DSL2740U, avoid using long strings in the URI for GET requests until the issue is resolved. For NetGear WGR614, consider disabling the vulnerable function until a patch is available. For NetGear MR-ADSL-DG834, restrict access to the vulnerable API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.