Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.
2017-08-25T18:29:00.340
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | d-link | dns-322l_firmware | ≤ 2.00b07 | Yes |
| Hardware | dlink | dns-322l | - | No |
| Operating System | d-link | dns-320lw_firmware | ≤ 1.03b04 | Yes |
| Hardware | dlink | dns-320lw | - | No |
| Operating System | d-link | dnr-326_firmware | ≤ 1.40b03 | Yes |
| Hardware | dlink | dnr-326 | - | No |
| Operating System | d-link | dns-327l_firmware | ≤ 1.02 | Yes |
| Hardware | dlink | dns-327l | - | No |
| Operating System | d-link | dnr-320l_firmware | ≤ 1.03b04 | Yes |
| Hardware | dlink | dnr-320l | - | No |