cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-46379,https://securityvulnerability.io/vulnerability/CVE-2021-46379,Access Control Flaw in D-Link Router Products,"D-Link DIR850 routers have been identified as vulnerable to an access control issue, allowing URL redirection to potentially untrusted sites. This flaw could be exploited to alter the normal routing of user traffic, posing security risks to connected devices. Users should implement necessary security measures promptly to mitigate exposure.",D-Link,Dir-850l Firmware,6.1,MEDIUM,0.013159999623894691,false,,false,false,false,,,false,false,,2022-03-04T15:02:26.000Z,0
CVE-2021-46378,https://securityvulnerability.io/vulnerability/CVE-2021-46378,Incorrect Access Control in DLink DIR850 Router,"The DLink DIR850 ET850-1.08TRb03 router is susceptible to an access control vulnerability that allows unauthenticated remote users to download sensitive configuration files. This flaw can lead to unauthorized exposure of the device's settings, potentially compromising network security. It's crucial for users of this router to secure their configurations to prevent outside attacks.",D-Link,Dir-850l Firmware,7.5,HIGH,0.025939999148249626,false,,false,false,false,,,false,false,,2022-03-04T14:33:52.000Z,0
CVE-2018-9032,https://securityvulnerability.io/vulnerability/CVE-2018-9032,,"An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.",D-Link,Dir-850l Firmware,9.8,CRITICAL,0.7972699999809265,false,,false,false,false,,,false,false,,2018-03-27T03:00:00.000Z,0
CVE-2017-14419,https://securityvulnerability.io/vulnerability/CVE-2017-14419,,"The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established.",D-Link,Dir-850l Firmware,5.9,MEDIUM,0.0031300000846385956,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14414,https://securityvulnerability.io/vulnerability/CVE-2017-14414,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php.,D-Link,Dir-850l Firmware,6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14429,https://securityvulnerability.io/vulnerability/CVE-2017-14429,,"The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.",D-Link,Dir-850l Firmware,9.8,CRITICAL,0.012919999659061432,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14430,https://securityvulnerability.io/vulnerability/CVE-2017-14430,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic.,D-Link,Dir-850l Firmware,7.5,HIGH,0.00215000007301569,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14425,https://securityvulnerability.io/vulnerability/CVE-2017-14425,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.,D-Link,Dir-850l Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14424,https://securityvulnerability.io/vulnerability/CVE-2017-14424,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.,D-Link,Dir-850l Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14418,https://securityvulnerability.io/vulnerability/CVE-2017-14418,,"The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services.",D-Link,Dir-850l Firmware,8.1,HIGH,0.0052999998442828655,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14420,https://securityvulnerability.io/vulnerability/CVE-2017-14420,,"The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",D-Link,Dir-850l Firmware,5.9,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14427,https://securityvulnerability.io/vulnerability/CVE-2017-14427,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.,D-Link,Dir-850l Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14428,https://securityvulnerability.io/vulnerability/CVE-2017-14428,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.,D-Link,Dir-850l Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14413,https://securityvulnerability.io/vulnerability/CVE-2017-14413,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.,D-Link,Dir-850l Firmware,6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14415,https://securityvulnerability.io/vulnerability/CVE-2017-14415,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.,D-Link,Dir-850l Firmware,6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14416,https://securityvulnerability.io/vulnerability/CVE-2017-14416,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php.,D-Link,Dir-850l Firmware,6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14417,https://securityvulnerability.io/vulnerability/CVE-2017-14417,,"register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.",D-Link,Dir-850l Firmware,9.8,CRITICAL,0.007499999832361937,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14426,https://securityvulnerability.io/vulnerability/CVE-2017-14426,,D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.,D-Link,Dir-850l Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14423,https://securityvulnerability.io/vulnerability/CVE-2017-14423,,"htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests.",D-Link,Dir-850l Firmware,7.5,HIGH,0.00267999991774559,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14421,https://securityvulnerability.io/vulnerability/CVE-2017-14421,,"D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.",D-Link,Dir-850l Firmware,9.8,CRITICAL,0.014310000464320183,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0
CVE-2017-14422,https://securityvulnerability.io/vulnerability/CVE-2017-14422,,"D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation.",D-Link,Dir-850l Firmware,7.5,HIGH,0.01205000001937151,false,,false,false,false,,,false,false,,2017-09-13T17:00:00.000Z,0