Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
MediumPublic exploit

Out-of-bounds Read in mini_httpd long protocol string handling

IdentifiersCVE-2015-1548CWE-125

CVE-2015-1548 affects mini_httpd 1.21 and earlier. The vulnerability is triggered by an HTTP request containing an excessively long protocol string, which causes an incorrect response size calculation and results in an out-of-bounds read from process memory. Because mini_httpd is embedded in various network appliances and SOHO/IoT devices, a remote attacker can exploit the flaw over the network to cause the server to return memory contents beyond the intended buffer boundary, exposing sensitive information resident in the process address space.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a remote unauthenticated attacker to disclose sensitive information from process memory. Depending on what is present in memory at the time of exploitation, this may include credentials, session material, configuration data, pointers, or other process-resident data useful for follow-on compromise. In embedded-device contexts, the flaw can aid reconnaissance and facilitate further intrusion by leaking information from vulnerable services exposed over HTTP.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict HTTP/HTTPS access to trusted management networks, disable or firewall internet exposure of the affected web service, and place vulnerable devices behind access controls or VPN-only administration paths. Monitor for malformed HTTP requests with unusually long protocol strings and for anomalous responses that may indicate memory disclosure attempts. Where feasible, disable the embedded web interface until remediation is completed.

Remediation

Patch, then assume compromise.

Upgrade mini_httpd to a fixed version later than 1.21, or apply the vendor-supplied patch if one is available for the affected product embedding mini_httpd. For appliances and embedded devices, install the latest firmware from the device vendor because the vulnerable component is often bundled within the firmware rather than managed separately. Identify internet-exposed devices using mini_httpd and prioritize patching or replacement where vendor support is unavailable.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
AcmeMini Httpdapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app
the hacker newsNews
Jun 27, 2025
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

An older (N-day) vulnerability referenced as being weaponized to gain initial access to primarily Linux-based SOHO devices in the LapDogs ORB campaign.

Read more
bank info securityNews
Jun 23, 2025
Chinese Hackers Turn Unpatched Routers Into ORB Spy Network

A buffer memory overrun vulnerability in a small embedded open-source HTTP server used in various IoT/router devices, contributing to compromise of unpatched devices used as ORB infrastructure.

Read more
security weekNews
Nov 27, 2025
Chinese APT Hacking Routers to Build Espionage Infrastructure

An SSH-related vulnerability present on older/unpatched SOHO router/access point devices that the campaign’s compromised nodes were found to be vulnerable to.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence1

Every observed campaign linking this CVE to a named adversary.

Associated malware3

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2015-1548
NVD
nvd.nist.gov/vuln/detail/CVE-2015-1548
MITRE CWE · CWE-125
cwe.mitre.org
Exploit
itinsight.hu/en/posts/articles/2015-01-23-mini-httpd
securityfocus.com
securityfocus.com/bid/73450