CVE-2014-125117
Published: 25 July 2025
Summary
CVE-2014-125117 is a critical-severity Improper Input Validation (CWE-20) vulnerability in D-Link DSP-W215 firmware. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 1.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2014-125117 is a stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02. The overflow is triggered by a specially crafted HTTP POST request sent to the /common/info.cgi endpoint, and the weakness is classified as improper input validation (CWE-20) and stack-based buffer overflow (CWE-121).
Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Successful exploitation enables remote code execution with system-level privileges, as indicated by the CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References include a Metasploit exploit module for linux/http/dlink_dspw215_info_cgi_bof, an Exploit-DB entry (34063), an archived 2014 blog post on devttys0.com detailing the hack, a Fortinet FortiGuard IPS signature for the POST request buffer overflow, and a VulnCheck advisory on the D-Link stack-based buffer overflow RCE. No specific patch or mitigation details are outlined in the provided description.
Public exploit code has been available since at least 2014, suggesting potential for real-world exploitation against unpatched devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2014-9810
Vulnerability details
A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in public-facing CGI endpoint (/common/info.cgi) directly enables unauthenticated remote code execution on the device.
Mitigating Controls (NIST 800-53 r5)
Directly addresses the improper input validation in HTTP POST requests that causes the stack-based buffer overflow.
Implements memory protection mechanisms like stack canaries and non-executable memory to block exploitation of stack-based buffer overflows.
Requires timely flaw remediation to patch the specific buffer overflow vulnerability in the my_cgi.cgi component.