Buffer Overflow Vulnerability in ACME Micro_httpd Affecting D-Link and NetGear Routers
CVE-2014-4927

Currently unrated

Key Information:

Vendor: Netgear
Status: Wgr614; Micro Httpd; Mr-adsl-dg834; Dsl2750u
Vendor: CVE Published:; 24 July 2014

Summary

A buffer overflow vulnerability exists in the ACME micro_httpd server component utilized in several D-Link and NetGear router models. This flaw allows a remote attacker to send a specially crafted long string in the URI of a GET request, which can lead to a denial of service condition by crashing the affected router. Products specifically impacted include the D-Link DSL2750U, DSL2740U, and NetGear models WGR614 and MR-ADSL-DG834, necessitating immediate attention for securing network devices against potential exploitation.

References

http://www.exploit-db.com/exploits/34102

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/68746

vdb-entryx_refsource_BID

http://osvdb.org/show/osvdb/109356

vdb-entryx_refsource_OSVDB

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 24, 2014
Vulnerability Reserved
Jul 11, 2014