CVE-2017-14419

The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:dlink:dir-850l_firmware::::::::
	cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1::::::

cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*

History

17 Nov 2023, 20:01

Type	Values Removed	Values Added
CPE	cpe:2.3:o:d-link:dir-850l_firmware::::::::

08 Nov 2023, 20:57

Type	Values Removed	Values Added
First Time		Dlink dir-850l Firmware
CPE	cpe:2.3:o:d-link:dir-850l_firmware::beta1::::::*	cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab:beta1:::::: cpe:2.3:o:dlink:dir-850l_firmware::::::::

26 Apr 2023, 18:55

Type	Values Removed	Values Added
CPE	cpe:2.3:h:d-link:dir-850l:-:::::::*	cpe:2.3:h:dlink:dir-850l:-:::::::*
First Time		Dlink dir-850l Dlink

Information

Published : 2017-09-13 17:29

Updated : 2023-12-10 12:15

NVD link : CVE-2017-14419

Mitre link : CVE-2017-14419

CVE.ORG link : CVE-2017-14419

JSON object : View

Products Affected

dlink

dir-850l
dir-850l_firmware

CWE

CWE-295

Improper Certificate Validation

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-14419

5.9^/10

4.3^/10

Attach tags to `CVE-2017-14419`