cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-46379,https://securityvulnerability.io/vulnerability/CVE-2021-46379,,DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.,D-Link,Dir-850l Firmware,6.1,MEDIUM,0.013159999623894691,false,false,false,false,,false,false,2022-03-04T15:02:26.000Z,0
CVE-2021-46378,https://securityvulnerability.io/vulnerability/CVE-2021-46378,,DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download.,D-Link,Dir-850l Firmware,7.5,HIGH,0.025939999148249626,false,false,false,false,,false,false,2022-03-04T14:33:52.000Z,0
CVE-2018-9032,https://securityvulnerability.io/vulnerability/CVE-2018-9032,,"An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.",D-Link,Dir-850l Firmware,9.8,CRITICAL,0.7972699999809265,false,false,false,false,,false,false,2018-03-27T03:00:00.000Z,0
CVE-2017-14421,https://securityvulnerability.io/vulnerability/CVE-2017-14421,,"D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.",D-Link,Dir-850l Firmware,9.8,CRITICAL,0.014310000464320183,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14422,https://securityvulnerability.io/vulnerability/CVE-2017-14422,,"D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation.",D-Link,Dir-850l Firmware,7.5,HIGH,0.01205000001937151,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14427,https://securityvulnerability.io/vulnerability/CVE-2017-14427,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.,D-Link,Dir-850l Firmware,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14429,https://securityvulnerability.io/vulnerability/CVE-2017-14429,,"The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.",D-Link,Dir-850l Firmware,9.8,CRITICAL,0.012919999659061432,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14414,https://securityvulnerability.io/vulnerability/CVE-2017-14414,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php.,D-Link,Dir-850l Firmware,6.1,MEDIUM,0.001509999972768128,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14418,https://securityvulnerability.io/vulnerability/CVE-2017-14418,,"The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services.",D-Link,Dir-850l Firmware,8.1,HIGH,0.0052999998442828655,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14423,https://securityvulnerability.io/vulnerability/CVE-2017-14423,,"htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests.",D-Link,Dir-850l Firmware,7.5,HIGH,0.00267999991774559,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14413,https://securityvulnerability.io/vulnerability/CVE-2017-14413,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.,D-Link,Dir-850l Firmware,6.1,MEDIUM,0.001509999972768128,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14428,https://securityvulnerability.io/vulnerability/CVE-2017-14428,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.,D-Link,Dir-850l Firmware,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14430,https://securityvulnerability.io/vulnerability/CVE-2017-14430,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic.,D-Link,Dir-850l Firmware,7.5,HIGH,0.00215000007301569,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14425,https://securityvulnerability.io/vulnerability/CVE-2017-14425,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.,D-Link,Dir-850l Firmware,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14415,https://securityvulnerability.io/vulnerability/CVE-2017-14415,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.,D-Link,Dir-850l Firmware,6.1,MEDIUM,0.001509999972768128,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14416,https://securityvulnerability.io/vulnerability/CVE-2017-14416,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php.,D-Link,Dir-850l Firmware,6.1,MEDIUM,0.001509999972768128,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14417,https://securityvulnerability.io/vulnerability/CVE-2017-14417,,"register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.",D-Link,Dir-850l Firmware,9.8,CRITICAL,0.007499999832361937,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14426,https://securityvulnerability.io/vulnerability/CVE-2017-14426,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.,D-Link,Dir-850l Firmware,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14424,https://securityvulnerability.io/vulnerability/CVE-2017-14424,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.,D-Link,Dir-850l Firmware,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14419,https://securityvulnerability.io/vulnerability/CVE-2017-14419,,"The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established.",D-Link,Dir-850l Firmware,5.9,MEDIUM,0.0031300000846385956,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0
CVE-2017-14420,https://securityvulnerability.io/vulnerability/CVE-2017-14420,,"The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",D-Link,Dir-850l Firmware,5.9,MEDIUM,0.0011500000255182385,false,false,false,false,,false,false,2017-09-13T17:00:00.000Z,0