|
252551
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-850l_firmware
|
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root beca…
|
CWE-78
OS Command
|
CVE-2017-14429
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252552
|
7.8 |
HIGH
Local
|
dlink
|
dir-850l_firmware
|
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-14428
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252553
|
7.8 |
HIGH
Local
|
dlink
|
dir-850l_firmware
|
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-14427
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252554
|
7.8 |
HIGH
Local
|
dlink
|
dir-850l_firmware
|
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-14426
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252555
|
7.8 |
HIGH
Local
|
dlink
|
dir-850l_firmware
|
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-14425
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252556
|
7.8 |
HIGH
Local
|
dlink
|
dir-850l_firmware
|
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-14424
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252557
|
7.5 |
HIGH
Network
|
dlink
|
dir-850l_firmware
|
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for rem…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2017-14423
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252558
|
7.5 |
HIGH
Network
|
dlink
|
dir-850l_firmware
|
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different custome…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-14422
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252559
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-850l_firmware
|
D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attac…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-14421
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252560
|
5.9 |
MEDIUM
Network
|
dlink
|
dir-850l_firmware
|
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates f…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-14420
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
