Dlink Dwr-932B Firmware vulnerabilities

10 known vulnerabilities affecting dlink/dwr-932b_firmware.

Total CVEs

10

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL3HIGH7

Vulnerabilities

Page 1 of 1

CVE-2016-10182CRITICALCVSS 9.8v02.02eu2017-01-30

CVE-2016-10182 [CRITICAL] CWE-77 CVE-2016-10182: An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` charac An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters.

CVE-2016-10177CRITICALCVSS 9.8v02.02eu2017-01-30

CVE-2016-10177 [CRITICAL] CWE-798 CVE-2016-10177: An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.

CVE-2016-10178CRITICALCVSS 9.8v02.02eu2017-01-30

CVE-2016-10178 [CRITICAL] CWE-254 CVE-2016-10178: An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sb An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.

CVE-2016-10186HIGHCVSS 7.5v02.02eu2017-01-30

CVE-2016-10186 [HIGH] CWE-399 CVE-2016-10186: An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules. An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules.

CVE-2016-10181HIGHCVSS 7.5v02.02eu2017-01-30

CVE-2016-10181 [HIGH] CWE-200 CVE-2016-10181: An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for Cfg An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests.

CVE-2016-10183HIGHCVSS 7.5v02.02eu2017-01-30

CVE-2016-10183 [HIGH] CWE-22 CVE-2016-10183: An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ trav An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.

CVE-2016-10185HIGHCVSS 7.5v02.02eu2017-01-30

CVE-2016-10185 [HIGH] CWE-254 CVE-2016-10185: An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnp An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf.

CVE-2016-10180HIGHCVSS 7.5v02.02eu2017-01-30

CVE-2016-10180 [HIGH] CWE-335 CVE-2016-10180: An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.

CVE-2016-10179HIGHCVSS 7.5v02.02eu2017-01-30

CVE-2016-10179 [HIGH] CWE-798 CVE-2016-10179: An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.

CVE-2016-10184HIGHCVSS 7.5v02.02eu2017-01-30

CVE-2016-10184 [HIGH] CWE-22 CVE-2016-10184: An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f travers An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.