CVE-2014-7857
CVE-2014-7857 affects multiple D-Link NAS/DVR devices (DNS-320L, DNS-327L, DNR-326, DNS-320B, DNS-345, DNS-325, DNS-322L). The root issue is a weakness in the authentication flow: an attacker can bypass login by sending the cgi_set_wto command in the cmd parameter and forcing the spawned session ...