Main Vulnerability Database Vulnerabilities #VU8209

#VU8209 Security restrictions bypass in DIR-850L - CVE-2017-14423

Published: September 11, 2017 / Updated: January 23, 2019

Vulnerability identifier: #VU8209

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-14423

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
DIR-850L

Software vendor:
D-Link

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to bypass security restrictions, alter DNS settings and perform further routing and bruteforce attacks.

Remediation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

#VU8209 Security restrictions bypass in DIR-850L - CVE-2017-14423

Description

Remediation

External links

Please verify you're human