CVE-2017-14422
published 2017-09-13CVE-2017-14422: D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dir-850l_firmware | < fw114wwb07_h2ab | fw114wwb07_h2ab |
| dlink | dir-850l_firmware | <= fw208wwb02 | — |
| dlink | dir-850l_firmware | — | — |