{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T17:26:51.705","vulnerabilities":[{"cve":{"id":"CVE-2017-14948","sourceIdentifier":"cve@mitre.org","published":"2019-10-14T18:15:10.263","lastModified":"2024-11-21T03:13:49.407","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L\/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs\/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution."},{"lang":"es","value":"Ciertos productos de D-Link se ven afectados por: Desbordamiento de búfer. Esto afecta a DIR-880L 1.08B04 y DIR-895 L\/R 1.13b03. El impacto es: ejecutar código arbitrario (remoto). El componente es: htdocs\/fileaccess.cgi. El vector de ataque es: una petición HTTP diseñada manejada por fileacces.cgi podría permitir que un atacante realice un ataque ROP: si el campo de encabezado HTTP CONTENT_TYPE comienza con ''boundary='' seguido de más de 256 caracteres, se desencadenará un desbordamiento de búfer, potencialmente causando la ejecución del código."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N\/AC:L\/Au:N\/C:P\/I:P\/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-868l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"26512943-D705-484D-B9EA-BF401606DFA3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*","matchCriteriaId":"33B501D4-BDDD-485E-A5A3-8AA8D5E46061"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-890l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0BCCA2BB-4577-402C-88B5-F8E10770CA35"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*","matchCriteriaId":"B1EA89C7-4655-43A3-9D2B-D57640D56C09"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-885l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3441E49F-C21B-4B68-89AD-BD46E8D88638"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*","matchCriteriaId":"AD481B64-A25D-4123-B575-20EC3C524D9C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-895l_firmware:1.13b03:*:*:*:*:*:*:*","matchCriteriaId":"8AC402D8-0279-49B0-BB77-23B036A400C9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*","matchCriteriaId":"0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-880l_firmware:1.08b04:*:*:*:*:*:*:*","matchCriteriaId":"75AEBC09-E4B8-46D6-BD72-5AB4522B732A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*","matchCriteriaId":"CC772491-6371-4712-B358-E74D9C5062FD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-895r_firmware:1.13b03:*:*:*:*:*:*:*","matchCriteriaId":"65C3BB4D-EEBE-4B06-9C4D-6181D66CB905"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*","matchCriteriaId":"DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92"}]}]}],"references":[{"url":"https:\/\/github.com\/badnack\/d_link_880_bug\/blob\/master\/README.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/github.com\/badnack\/d_link_880_bug\/blob\/master\/README.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}