CVE-2014-125117
CRITICALCVSS v3
9.8
CRITICAL
EPSS Score
48.5%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 7/25/2025
- Last Modified
- 9/23/2025
Frequently Asked Questions
What is CVE-2014-125117?
A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges.
Is CVE-2014-125117 actively exploited?
Active exploitation of CVE-2014-125117 has not been confirmed. The EPSS score is 48.5%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2014-125117?
CVE-2014-125117 has a CVSS v3 base score of 9.8 (CRITICAL severity), with vector string 3.1.
Is CVE-2014-125117 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.