CVE-2014-125117 CRITICAL

CVE-2014-125117: D-Link info.cgi POST Request Stack-Based Buffer Overflow RCE

Vendor D-Link
Product DSP-W215
Weakness CWE-121
Published July 25, 2025
Last update April 7, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges.

Key dates

02Disclosure timeline

July 25, 2025 CVE published
April 7, 2026 Record updated

Related vulnerabilities

04Related CVE