Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dir\-850l_firmware
(Dlink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 27 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-09-13 | CVE-2017-14422 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | Dir\-850l_firmware | 7.5 | ||
| 2017-09-13 | CVE-2017-14423 | htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. | Dir\-850l_firmware | 7.5 | ||
| 2018-03-27 | CVE-2018-9032 | An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php. | Dir\-850l_firmware | 9.8 | ||
| 2019-01-09 | CVE-2018-20675 | D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. | Dir\-822\-Us_firmware, Dir\-822_firmware, Dir\-850l_firmware, Dir\-880l_firmware | 9.8 | ||
| 2019-03-25 | CVE-2019-7642 | D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). | Dir\-816_firmware, Dir\-816l_firmware, Dir\-817lw_firmware, Dir\-850l_firmware, Dir\-868l_firmware | 7.5 | ||
| 2018-07-13 | CVE-2016-6563 | Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L. | Dir\-818l\(W\)_firmware, Dir\-822_firmware, Dir\-823_firmware, Dir\-850l_firmware, Dir\-868l_firmware, Dir\-880l_firmware, Dir\-885l_firmware, Dir\-890l_firmware, Dir\-895l_firmware | 9.8 | ||
| 2019-01-08 | CVE-2018-20674 | D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution. | Dir\-822\-Us_firmware, Dir\-822_firmware, Dir\-850l_firmware, Dir\-880l_firmware | 8.8 |