CVE-2017-14420
- EPSS 0.21%
- Published 13.09.2017 17:29:00
- Last modified 20.04.2025 01:37:25
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle att...
CVE-2017-14419
- EPSS 0.47%
- Published 13.09.2017 17:29:00
- Last modified 20.04.2025 01:37:25
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, ev...
CVE-2017-14418
- EPSS 0.57%
- Published 13.09.2017 17:29:00
- Last modified 20.04.2025 01:37:25
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services.
CVE-2017-14417
- EPSS 0.51%
- Published 13.09.2017 17:29:00
- Last modified 20.04.2025 01:37:25
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.
CVE-2017-14416
- EPSS 0.25%
- Published 13.09.2017 17:29:00
- Last modified 20.04.2025 01:37:25
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php.
CVE-2017-14415
- EPSS 0.25%
- Published 13.09.2017 17:29:00
- Last modified 20.04.2025 01:37:25
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.
CVE-2017-14414
- EPSS 0.25%
- Published 13.09.2017 17:29:00
- Last modified 20.04.2025 01:37:25
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php.