Описание
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до fw114wwb07_h2ab (исключая)
Одновременно
Одно из
cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00234
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-307
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests.
EPSS
Процентиль: 46%
0.00234
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-307