Information disclosure in DIR-850L - CVE-2017-14419

 


Published: September 11, 2017 / Updated: January 23, 2019


Vulnerability identifier: #VU8205
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-14419
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: D-Link
Affected software:
DIR-850L

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to improper privileges and access controls. A remote attacker can retrieve the admin password from affected routers and use it to associate users' routers with the attacker's own MyDLink cloud account, effectively taking control of the device.


How to mitigate CVE-2017-14419

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

