Show filters
14 Total Results
Displaying 1-10 of 14
Sort by:
Attacker Value
Unknown
CVE-2017-14422
Disclosure Date: September 13, 2017 (last updated November 09, 2023)
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
0
Attacker Value
Unknown
CVE-2017-14416
Disclosure Date: September 13, 2017 (last updated November 09, 2023)
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php.
0
Attacker Value
Unknown
CVE-2017-14429
Disclosure Date: September 13, 2017 (last updated November 18, 2023)
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.
0
Attacker Value
Unknown
CVE-2017-14423
Disclosure Date: September 13, 2017 (last updated November 09, 2023)
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests.
0
Attacker Value
Unknown
CVE-2017-14419
Disclosure Date: September 13, 2017 (last updated November 18, 2023)
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established.
0
Attacker Value
Unknown
CVE-2017-14426
Disclosure Date: September 13, 2017 (last updated November 18, 2023)
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.
0
Attacker Value
Unknown
CVE-2017-14413
Disclosure Date: September 13, 2017 (last updated November 09, 2023)
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.
0
Attacker Value
Unknown
CVE-2017-14414
Disclosure Date: September 13, 2017 (last updated November 09, 2023)
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php.
0
Attacker Value
Unknown
CVE-2017-14428
Disclosure Date: September 13, 2017 (last updated November 18, 2023)
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.
0
Attacker Value
Unknown
CVE-2017-14415
Disclosure Date: September 13, 2017 (last updated November 09, 2023)
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.
0
