Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dir\-850l_firmware
(Dlink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 27 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-09-13 | CVE-2017-14429 | The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh. | Dir\-850l_firmware | 9.8 | ||
| 2017-09-13 | CVE-2017-14430 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic. | Dir\-850l_firmware | 7.5 | ||
| 2017-12-16 | CVE-2017-3193 | Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | Dir\-850l_firmware | 8.8 | ||
| 2017-09-13 | CVE-2017-14413 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. | Dir\-850l_firmware | 6.1 | ||
| 2017-09-13 | CVE-2017-14414 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | Dir\-850l_firmware | 6.1 | ||
| 2017-09-13 | CVE-2017-14415 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. | Dir\-850l_firmware | 6.1 | ||
| 2017-09-13 | CVE-2017-14416 | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. | Dir\-850l_firmware | 6.1 | ||
| 2017-09-13 | CVE-2017-14417 | register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services. | Dir\-850l_firmware | 9.8 | ||
| 2017-09-13 | CVE-2017-14418 | The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. | Dir\-850l_firmware | 8.1 | ||
| 2017-09-13 | CVE-2017-14421 | D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. | Dir\-850l_firmware | 9.8 |