CVE-2017-14429
published 2017-09-13CVE-2017-14429: The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dir-850l_firmware | < fw114wwb07_h2ab | fw114wwb07_h2ab |
| dlink | dir-850l_firmware | <= fw208wwb02 | — |
| dlink | dir-850l_firmware | — | — |