10

CVE-2014-7858

The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
D-linkDnr-326 Firmware Version <= 1.40b03
   DlinkDnr-326 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.17% 0.963
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/May/125
Third Party Advisory
VDB Entry
Mailing List
http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf
Technical Description
http://www.securityfocus.com/archive/1/535626/100/200/threaded
http://www.securityfocus.com/bid/74886
Third Party Advisory
VDB Entry