CVE-2002-1865

D-Link DI-804 4.68 and DL-704 V2.56b5-V2.56b6 - Denial of Service via Long HTTP Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1865. PoCs published by Mark Litchfield.

AI-analyzed exploit summary This exploit demonstrates a denial of service vulnerability in several networking devices by sending an HTTP request with an overly long 'Host' header. The vulnerability is speculated to be caused by a buffer overflow in the embedded web server, leading to device malfunction.

Description

Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Mark Litchfield · textdoshardware
https://www.exploit-db.com/exploits/21978

This exploit demonstrates a denial of service vulnerability in several networking devices by sending an HTTP request with an overly long 'Host' header. The vulnerability is speculated to be caused by a buffer overflow in the embedded web server, leading to device malfunction.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: various networking devices (unspecified versions)
No auth needed
Prerequisites: network access to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6090
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10537.php
Exploit, Vendor Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0052.html

Scores

EPSS 0.0291
EPSS Percentile 85.2%

Details

Status published
Products (11)
d-link/di-804 4.68
d-link/dl-704 2.56_b5
d-link/dl-704 2.56_b6
linksys/befw11s4 1.4.2.7
linksys/befw11s4 1.37.2
linksys/befw11s4 1.37.2b
linksys/befw11s4 1.37.9b
linksys/befw11s4 1.40.3
linksys/befw11s4 1.42.7
linksys/wap11 1.3
... and 1 more
Published Dec 31, 2002
Tracked Since Feb 18, 2026