Unrated severityNVD Advisory· Published Jul 25, 2025· Updated Apr 7, 2026

D-Link info.cgi POST Request Stack-Based Buffer Overflow RCE

CVE-2014-125117

Description

A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges.

Affected products

Dlink/Dsp W215llm-fuzzy
Range: = 1.02
D-Link/DSP-W215v5
Range: 1.02

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dspw215_info_cgi_bof.rbmitreexploit
web.archive.org/web/20140525215526/http://www.devttys0.com/2014/05/hacking-the-dspw215-again/mitretechnical-descriptionexploit
www.exploit-db.com/exploits/34063mitreexploit
www.fortiguard.com/encyclopedia/ips/38932/d-link-info-cgi-post-request-buffer-overflowmitrethird-party-advisory
www.vulncheck.com/advisories/dlink-stack-based-buffer-overflow-rcemitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.039
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000