23 matches found
D-Link DWR-932B Directory Traversal Vulnerability
The D-Link DWR-932B is a popular router device. A directory traversal vulnerability exists in the D-Link DWR-932B, which allows remote attackers to exploit the vulnerability by submitting a special request to read the contents of an arbitrary file...
Command injection
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 UDP launches the "/sbin/telnetd -l /bin/sh" command...
Design/Logic Flaw
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal...
Design/Logic Flaw
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding...
Default credentials
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234...
CVE-2016-10177
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234...
CVE-2016-10178
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 UDP launches the "/sbin/telnetd -l /bin/sh" command...
CVE-2016-10180
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding...
CVE-2016-10186
An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules...
CVE-2016-10180
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding...
CVE-2016-10177
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234...
CVE-2016-10180
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding...
CVE-2016-10185
An issue was discovered on the D-Link DWR-932B router. A securemode=no line exists in /var/miniupnpd.conf...
CVE-2016-10177
CVE-2016-10177 affects the D-Link DWR-932B router. Multiple sources (NVD, CNVD, CVE records) describe a vulnerability where undocumented TELNET and SSH services enable logins using credentials admin/admin for admin and root/1234 for root. Root cause: presence of open/undocumented login interfaces...
CVE-2016-10178
The D-Link DWR-932B router is affected by CVE-2016-10178. A vulnerability in the device allows a remote attacker to trigger a shell with /sbin/telnetd -l /bin/sh via HELODBG on UDP port 39889, effectively enabling remote command execution. The CNVD entry describes input validation issues enabling...
CVE-2016-10180
CVE-2016-10180 affects the D-Link DWR-932B router. The WPS PIN generation is based on srand(time(0)) seeding, enabling potential PIN predictability. Connected sources confirm the issue and link to multiple entries, with no publicly documented patch/version details in the provided documents. Pract...
CVE-2016-10181
The CVE affects the D-Link DWR-932B router. An information disclosure vulnerability exists where qmiweb exposes sensitive information for CfgType=get_homeCfg requests. Connected CNVD entry confirms the issue on DWR-932B and notes firmware version 02.02eu as affected; the NVD entry defines the impa...
CVE-2016-10182
The CVE-2016-10182 entry concerns the D-Link DWR-932B router. A vulnerability in the qmiweb interface allows command injection via the backtick character, enabling remote execution. The issue is documented with a high severity (CVSS v3.1 base score 9.8) and network attack vector, with no public r...
CVE-2016-10183
The CVE-2016-10183 issue affects the D-Link DWR-932B router, caused by a directory traversal in the qmiweb component that allows listing directory contents via ../ traversal. Public records (NVD, CNVD, CVE lists) confirm the affected device and vector but do not provide concrete firmware versions...
CVE-2016-10184
CVE-2016-10184 affects the D-Link DWR-932B router. The qmiweb component enables arbitrary file reading via directory traversal ("..%2f"), allowing read access to files on the device. This aligns with the CVSS details: Confidentiality impact is PARTIAL, with no integrity or availability impact rep...