exploitDog

CVE-2014-3872

Опубликовано: 27 мая 2014

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.

Ссылки

http://secunia.com/advisories/58254
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/67310
http://secunia.com/advisories/58254
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/67310

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:dlink:dap-1350_firmware:*:*:*:*:*:*:*:*

Версия до 1.14 (включая)

cpe:2.3:o:dlink:dap-1350_firmware:1.10:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-1350:rev._a1:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00237

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-6w49-wgp5-56q8

github

больше 3 лет назад

Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.

EPSS

Процентиль: 47%

0.00237

Низкий

7.5 High

CVSS2

Дефекты

CWE-89