Dlink Dir-850L Firmware vulnerabilities

26 known vulnerabilities affecting dlink/dir-850l_firmware.

Total CVEs
26
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH13MEDIUM7

Vulnerabilities

Page 2 of 2
CVE-2017-14420MEDIUMCVSS 5.9≤ fw114wwb07_h2ab_beta1≤ fw208wwb022017-09-13
CVE-2017-14420 [MEDIUM] CWE-295 CVE-2017-14420: The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
nvd
CVE-2017-14414MEDIUMCVSS 6.1fixed in fw114wwb07_h2abvfw114wwb07_h2ab2017-09-13
CVE-2017-14414 [MEDIUM] CWE-79 CVE-2017-14414: D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php.
nvd
CVE-2017-14413MEDIUMCVSS 6.1fixed in fw114wwb07_h2abvfw114wwb07_h2ab2017-09-13
CVE-2017-14413 [MEDIUM] CWE-79 CVE-2017-14413: D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.
nvd
CVE-2017-14419MEDIUMCVSS 5.9fixed in fw114wwb07_h2abvfw114wwb07_h2ab+1 more2017-09-13
CVE-2017-14419 [MEDIUM] CWE-295 CVE-2017-14419: The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established.
nvd
CVE-2017-14416MEDIUMCVSS 6.1fixed in fw114wwb07_h2abvfw114wwb07_h2ab2017-09-13
CVE-2017-14416 [MEDIUM] CWE-79 CVE-2017-14416: D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php.
nvd
CVE-2017-14415MEDIUMCVSS 6.1fixed in fw114wwb07_h2abvfw114wwb07_h2ab2017-09-13
CVE-2017-14415 [MEDIUM] CWE-79 CVE-2017-14415: D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.
nvd
← Previous2 / 2