Stack-based Buffer Overflow in D-Link Devices Due to my_cgi.cgi
CVE-2014-125117

9.3CRITICAL

Key Information:

Vendor: D-link
Status: Dsp-w215
Vendor: CVE Published:; 25 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2014-125117?

A stack-based buffer overflow has been identified in the my_cgi.cgi component of select D-Link devices, including the DSP-W215 version 1.02. This vulnerability can be exploited through a crafted HTTP POST request directed at the /common/info.cgi endpoint. An attacker without authentication can leverage this flaw to execute arbitrary code with system-level privileges, potentially compromising the device's integrity and security.

Affected Version(s)

DSP-W215 1.02

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2014-125117 - Proof of Concept

References

https://raw.githubusercontent.com/rapid7/metasploit-frame...

exploit

https://www.exploit-db.com/exploits/34063

exploit

https://web.archive.org/web/20140525215526/http://www.dev...

technical-descriptionexploit

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 25, 2025
👾
Exploit known to exist
Jul 25, 2025
Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Jul 24, 2025

Credit

Craig Heffner

D-link

Badges

What is CVE-2014-125117?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit