CVE-2014-125122

A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered by sending a specially crafted HTTP POST request with an overly long TM_Block_URL parameter to the endpoint. By exploiting this flaw, an unauthenticated remote attacker can overwrite memory in a controlled manner, enabling them to temporarily reset the administrator password of the device to a blank value. This grants unauthorized access to the router’s web management interface without requiring valid credentials.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb
https://web.archive.org/web/20210424073058/http://www.devttys0.com/2014/02/wrt120n-fprintf-stack-overflow/
https://www.exploit-db.com/exploits/31758
https://www.vulncheck.com/advisories/linksys-wrt120n-stack-based-buffer-overflow-admin-password-reset

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de desbordamiento de búfer en la pila en el endpoint tmUnblock.cgi del router inalámbrico Linksys WRT120N. La vulnerabilidad se activa al enviar una solicitud HTTP POST especialmente manipulada con un parámetro TM_Block_URL demasiado largo al endpoint. Al explotar esta vulnerabilidad, un atacante remoto no autenticado puede sobrescribir la memoria de forma controlada, lo que le permite restablecer temporalmente la contraseña de administrador del dispositivo a un valor vacío. Esto permite el acceso no autorizado a la interfaz de administración web del router sin necesidad de credenciales válidas.

31 Jul 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-31 15:15

Updated : 2026-04-15 00:35

NVD link : CVE-2014-125122

Mitre link : CVE-2014-125122

CVE.ORG link : CVE-2014-125122

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2014-125122", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-31T15:15:34.620", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://web.archive.org/web/20210424073058/http://www.devttys0.com/2014/02/wrt120n-fprintf-stack-overflow/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/31758", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/linksys-wrt120n-stack-based-buffer-overflow-admin-password-reset", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered by sending a specially crafted HTTP POST request with an overly long TM_Block_URL parameter to the endpoint. By exploiting this flaw, an unauthenticated remote attacker can overwrite memory in a controlled manner, enabling them to temporarily reset the administrator password of the device to a blank value. This grants unauthorized access to the router\u2019s web management interface without requiring valid credentials."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la pila en el endpoint tmUnblock.cgi del router inal\u00e1mbrico Linksys WRT120N. La vulnerabilidad se activa al enviar una solicitud HTTP POST especialmente manipulada con un par\u00e1metro TM_Block_URL demasiado largo al endpoint. Al explotar esta vulnerabilidad, un atacante remoto no autenticado puede sobrescribir la memoria de forma controlada, lo que le permite restablecer temporalmente la contrase\u00f1a de administrador del dispositivo a un valor vac\u00edo. Esto permite el acceso no autorizado a la interfaz de administraci\u00f3n web del router sin necesidad de credenciales v\u00e1lidas."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}