Lucene search

[email protected]NVD:CVE-2014-7857

HistoryAug 25, 2017 - 6:29 p.m.

CVE-2014-7857

2017-08-2518:29:00

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.006

Percentile

77.7%

JSON

D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session’s cookie to username=admin.

Affected configurations

Nvd

Node

dlinkdns-322lMatch-

AND

d-linkdns-322l_firmwareRange≤2.00b07

Node

dlinkdns-325Match-

AND

d-linkdns-325_firmwareRange≤1.05b03

Node

dlinkdns-345Match-

AND

d-linkdns-345_firmwareRange≤1.03b06

Node

dlinkdns-320bMatch-

AND

d-linkdns-320b_firmwareRange≤1.02b01

Node

dlinkdnr-326Match-

AND

d-linkdnr-326_firmwareRange≤1.40b03

Node

dlinkdns-327lMatch-

AND

d-linkdns-327l_firmwareRange≤1.02

Node

dlinkdns-320lMatch-

AND

d-linkdns-320l_firmwareRange≤1.03b04

VendorProductVersionCPE
dlinkdns-322l-cpe:2.3:h:dlink:dns-322l:-:*:*:*:*:*:*:*
d-linkdns-322l_firmware*cpe:2.3:o:d-link:dns-322l_firmware:*:*:*:*:*:*:*:*
dlinkdns-325-cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*
d-linkdns-325_firmware*cpe:2.3:o:d-link:dns-325_firmware:*:*:*:*:*:*:*:*
dlinkdns-345-cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*
d-linkdns-345_firmware*cpe:2.3:o:d-link:dns-345_firmware:*:*:*:*:*:*:*:*
dlinkdns-320b-cpe:2.3:h:dlink:dns-320b:-:*:*:*:*:*:*:*
d-linkdns-320b_firmware*cpe:2.3:o:d-link:dns-320b_firmware:*:*:*:*:*:*:*:*
dlinkdnr-326-cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*
d-linkdnr-326_firmware*cpe:2.3:o:d-link:dnr-326_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dns-322l	-	cpe:2.3:h:dlink:dns-322l:-:::::::*
d-link	dns-322l_firmware	*	cpe:2.3:o:d-link:dns-322l_firmware::::::::
dlink	dns-325	-	cpe:2.3:h:dlink:dns-325:-:::::::*
d-link	dns-325_firmware	*	cpe:2.3:o:d-link:dns-325_firmware::::::::
dlink	dns-345	-	cpe:2.3:h:dlink:dns-345:-:::::::*
d-link	dns-345_firmware	*	cpe:2.3:o:d-link:dns-345_firmware::::::::
dlink	dns-320b	-	cpe:2.3:h:dlink:dns-320b:-:::::::*
d-link	dns-320b_firmware	*	cpe:2.3:o:d-link:dns-320b_firmware::::::::
dlink	dnr-326	-	cpe:2.3:h:dlink:dnr-326:-:::::::*
d-link	dnr-326_firmware	*	cpe:2.3:o:d-link:dnr-326_firmware::::::::

Rows per page:

1-10 of 141

References

packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html

seclists.org/fulldisclosure/2015/May/125

www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf

www.securityfocus.com/archive/1/535626/100/200/threaded

www.securityfocus.com/bid/74880

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.006

Percentile

77.7%

JSON

Related for NVD:CVE-2014-7857

prion1 cve1 cvelist1 securityvulns1