Cyber Resilience

CVE-2014-125117

Critical · Public PoC

Published: 25 July 2025
Modified: 23 September 2025
KEV Added
Patch
CVSS Score (v4): 9.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.6255 (98.4th percentile)
Risk Priority: 56 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2014-125117 is a critical-severity Improper Input Validation (CWE-20) vulnerability in D-Link DSP-W215 firmware. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 1.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2014-125117 is a stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02. It is triggered by a specially crafted HTTP POST request sent to the /common/info.cgi endpoint, and is classified as improper input validation (CWE-20) and stack-based buffer overflow (CWE-121).

Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Successful exploitation enables remote code execution with system-level privileges, as indicated by the CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

References include a Metasploit exploit module (linux/http/dlink_dspw215_info_cgi_bof), an Exploit-DB entry (34063), a 2014 archived blog post on devttys0.com detailing the hack, a Fortinet FortiGuard IPS signature for the POST request buffer overflow, and a VulnCheck advisory on the D-Link stack-based buffer overflow RCE. No specific patch or mitigation details are outlined in the provided description.

Public exploit code has been available since at least 2014, suggesting potential for real-world exploitation against unpatched devices.

Vulnerability details

A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in public-facing CGI endpoint (/common/info.cgi) directly enables unauthenticated remote code execution on the device.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-70232 · Same vendor: Dlink
CVE-2025-70219 · Same vendor: Dlink
CVE-2024-57440 · Same vendor: Dlink
CVE-2025-70225 · Same vendor: Dlink
CVE-2025-70246 · Same vendor: Dlink
CVE-2025-70220 · Same vendor: Dlink
CVE-2025-70242 · Same vendor: Dlink
CVE-2025-70226 · Same vendor: Dlink
CVE-2025-70229 · Same vendor: Dlink
CVE-2025-25745 · Same vendor: Dlink

Affected Assets

Vendor: dlink
Product: dsp-w215 firmware
Version: 1.02

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly addresses the improper input validation in HTTP POST requests that causes the stack-based buffer overflow.

Prevent: Implements memory protection mechanisms like stack canaries and non-executable memory to block exploitation of stack-based buffer overflows.

Prevent: Requires timely flaw remediation to patch the specific buffer overflow vulnerability in the my_cgi.cgi component.

References