Detections
Analytics

Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability (CVE-2014-3931)

critical Nessus Plugin ID 271368

Language:

Synopsis

Multi-Router Looking Glass (MRLG) affected by buffer overflow in fastping.c before version 5.5.0 RCE.

Description

The version of Multi-Router Looking Glass (MRLG) installed on the remote host is prior to 5.5.0. It is, therefore, affected by a memory-handling vulnerability in fastping.c that can be triggered remotely without authentication. Therefore, an attacker could send crafted input through the MRLG interface or over the network to corrupt memory and potentially execute arbitrary code with the privileges of the web-server process, exposing the system to full compromise. Administrators are advised to upgrade to MRLG 5.5.0 immediately.
 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Multi-Router Looking Glass version 5.5.0 or later.

See Also

https://mrlg.op-sec.us/

Plugin Details

Severity: Critical

ID: 271368

File Name: op-sec_mrlg_CVE-2014-3931.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 10/24/2025

Updated: 10/25/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-3931

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:multi-router_looking_glass_project:multi-router_looking_glass

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/31/2017

Vulnerability Publication Date: 3/31/2017

CISA Known Exploited Vulnerability Due Dates: 7/28/2025

Reference Information

CVE: CVE-2014-3931