CVE-2017-14419

CWE-295 — Improper Certificate Validation3 documents3 sources

Severity

5.9MEDIUM

EPSS

0.5%

top 35.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-850l Firmware

Timeline

PublishedSep 13

Latest updateMay 17

Description

The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

▶NVDdlink/dir-850l_firmware< fw114wwb07_h2ab+2

🔴Vulnerability Details

GHSA

GHSA-6jmw-p67p-7q5c: The D-Link NPAPI extension, as used on D-Link DIR-850L REV↗2022-05-17

▶

CVEList

CVE-2017-14419: The D-Link NPAPI extension, as used on D-Link DIR-850L REV↗2017-09-13

▶