Information disclosure in DIR-850L - CVE-2017-14420

 

Published: January 23, 2019


Vulnerability identifier: #VU17142
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-14420
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: D-Link
Affected software:
DIR-850L

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to improper privileges and access controls. A remote attacker can retrieve the admin password from a router and use it to associate the user's router with the attacker's own MyDLink cloud account, effectively taking control of the device.


How to mitigate CVE-2017-14420

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

