Lucene search

[email protected]CVE-2017-14418

HistorySep 13, 2017 - 5:29 p.m.

CVE-2017-14418

2017-09-1317:29:00

CWE-522

[email protected]

web.nvd.nist.gov

d-link

npapi

dir-850l

cve-2017-14418

firmware

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services.

Affected configurations

NVD

Node

dlinkdir-850l_firmwareRange≤fw208wwb02

AND

dlinkdir-850lMatch-

CPENameOperatorVersion
dlink:dir-850l_firmwaredlink dir-850l firmwarelefw208wwb02

CPE	Name	Operator	Version
dlink:dir-850l_firmware	dlink dir-850l firmware	le	fw208wwb02

References

pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

Related for CVE-2017-14418

nvd1 cvelist1 prion1 openvas2