CVE-2021-29295
HIGHD-Link DSP-W215 1.10 - Denial of Service via HTTP Request Without URL
Title source: llmDescription
Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The DSP-W215 and all hardware revisions is considered End of Life and as such this issue will not be patched
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.dlink.com/en/security-bulletin/
Vendor Advisory x_refsource_misc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10211
Scores
CVSS v3
7.5
EPSS
0.0044
EPSS Percentile
63.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
dlink/dsp-w215_firmware
1.10
Published
Aug 10, 2021
Tracked Since
Feb 18, 2026