Multiple vulnerabilities in D-Link DIR-850L



Updated: 2019-01-23
Risk: High
Patch available: NO
Number of vulnerabilities: 19
CVE-ID: CVE-2016-10179, CVE-2017-14413, CVE-2017-14419, CVE-2017-14417, CVE-2017-14422, CVE-2016-10178, CVE-2017-14423, CVE-2017-14424, CVE-2017-14429, CVE-2017-14430, CVE-2017-14420, CVE-2017-14418, CVE-2017-14416, CVE-2017-14415, CVE-2017-14414, CVE-2017-14428, CVE-2017-14427, CVE-2017-14426, CVE-2017-14425
CWE-ID: CWE-259, CWE-79, CWE-200, CWE-321, CWE-20, CWE-255, CWE-77, CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: DIR-850L (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Vendor: D-Link

Security Bulletin

This security bulletin contains information about 19 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU8203

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-10179

CWE-ID: CWE-259 - Use of Hard-coded Password

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to a lack of proper firmware protection. A remote attacker can use a hardcoded password to gain access to the firmware and upload new firmware to the router.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cross-site scripting

EUVDB-ID: #VU8204

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14413

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal the authentication cookies and gain access to the device.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU8205

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14419

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to improper privileges and access controls. A remote attacker can retrieve the admin password from routers and use it to associate users' routers with their own MyDLink cloud accounts, effectively taking control over the device.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU8206

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14417

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to improper encryption in the TCP tunnel of the MyDLink cloud protocol. A remote attacker can view communications between the user's router and the MyDLink account.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Man-in-the-middle attack

EUVDB-ID: #VU8207

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14422

CWE-ID: CWE-321 - Use of Hard-coded Cryptographic Key

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a man-in-the-middle attack.

The weakness exists due to the use of hardcoded private encryption keys for the TCP tunnel. A remote attacker can extract these encryption keys and perform MitM attacks to read and modify arbitrary data on the system.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Backdoor

EUVDB-ID: #VU8208

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-10178

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to the presence of backdoor code. A remote attacker can obtain passwords via 'PUT' and 'GET' requests, use the backdoor account via Alphanetworks / wrgac25_dlink.2013gui_dir850l to gain access to the router and update the firmware with a custom.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Security restrictions bypass

EUVDB-ID: #VU8209

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14423

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to bypass security restrictions, alter DNS settings and perform further routing and brute-force attacks.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU8210

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14424

CWE-ID: CWE-255 - Credentials Management

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to credentials being stored in cleartext. A local attacker can view an arbitrary file on the system.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Command injection

EUVDB-ID: #VU8211

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-14429

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to a command injection flaw in the router's internal DHCP client. A remote attacker can inject and execute arbitrary commands to perform actions with root privileges.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Denial of service

EUVDB-ID: #VU8212

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14430

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to an unspecified error. A remote attacker can cause router daemons to crash.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

EUVDB-ID: #VU17142

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14420

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to improper privileges and access controls. A remote attacker can retrieve the admin password from routers and use it to associate users' routers with their own MyDLink cloud accounts, effectively taking control over the device.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Information disclosure

EUVDB-ID: #VU17141

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14418

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to improper encryption in the TCP tunnel of the MyDLink cloud protocol. A remote attacker can view communications between the user's router and the MyDLink account.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Cross-site scripting

EUVDB-ID: #VU17140

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14416

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal the authentication cookies and gain access to the device.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Cross-site scripting

EUVDB-ID: #VU17139

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14415

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal the authentication cookies and gain access to the device.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Cross-site scripting

EUVDB-ID: #VU17138

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14414

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal the authentication cookies and gain access to the device.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Information disclosure

EUVDB-ID: #VU17137

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14428

CWE-ID: CWE-255 - Credentials Management

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to credentials being stored in cleartext. A local attacker can view an arbitrary file on the system.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Information disclosure

EUVDB-ID: #VU17136

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14427

CWE-ID: CWE-255 - Credentials Management

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to credentials being stored in cleartext. A local attacker can view an arbitrary file on the system.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Information disclosure

EUVDB-ID: #VU17135

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14426

CWE-ID: CWE-255 - Credentials Management

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to credentials being stored in cleartext. A local attacker can view an arbitrary file on the system.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Information disclosure

EUVDB-ID: #VU17134

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14425

CWE-ID: CWE-255 - Credentials Management

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to credentials being stored in cleartext. A local attacker can view an arbitrary file on the system.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

DIR-850L: Rev.B1 2.06 - 2.07.B05

External links

https://pierrekim.github.io/advisories/2017-dlink-0x00-dlink-850l-cloud.txt

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


