CVE-2014-7860
published 2017-08-25CVE-2014-7860: The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows…
medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| d-link | dns-320l_firmware | <= 1.03b04 | — |
| d-link | dns-327l_firmware | <= 1.02 | — |