CVE-2016-10178

An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.

CVE-2016-10182

An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters.

CVE-2016-10183

An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.

CVE-2016-10181

An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests.

CVE-2016-10180

An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.

CVE-2016-10186

An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules.

CVE-2016-10185

An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf.

CVE-2016-10184

An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.

CVE-2016-10179

An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.

CVE-2016-10177

An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.