Authentication Bypass in D-Link Network Storage Devices
CVE-2014-7857
9.8 CRITICAL
What is CVE-2014-7857?
Multiple D-Link network storage devices contain a vulnerability that lets remote attackers bypass the authentication mechanism. By setting the 'cmd' parameter to the 'cgi_set_wto' command and setting the session cookie to 'username=admin', an attacker can gain unauthorized administrative access. The flaw affects various firmware versions across D-Link models and exposes sensitive device management features.
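A detection sketch for the request pattern described above, added here as an example and not taken from the advisory or from D-Link: it scans proxy records for `cmd=cgi_set_wto` sent together with a `username=admin` cookie. The tab-separated log layout, the `/cgi-bin/PLACEHOLDER.cgi` path, the sample addresses and the `trusted_admin_ips` allowlist are assumptions; the allowlist exists on the assumption that the same command and cookie can also occur during legitimate administration.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample records: client, method, URI, Cookie header, request body.
# Path and field layout are placeholders, not values from the advisory.
SAMPLE_LOG = "\n".join([
    "198.51.100.7\tPOST\t/cgi-bin/PLACEHOLDER.cgi\tusername=admin\tcmd=cgi_set_wto",
    "192.0.2.10\tGET\t/cgi-bin/PLACEHOLDER.cgi?cmd=other_command\tusername=admin; sid=x\t",
    "198.51.100.7\tGET\t/cgi-bin/PLACEHOLDER.cgi?cmd=cgi%5Fset%5Fwto\tlang=en; username=admin\t",
    "192.0.2.11\tPOST\t/cgi-bin/PLACEHOLDER.cgi\tusername=alice\tcmd=cgi_set_wto",
    "10.0.0.5\tPOST\t/cgi-bin/PLACEHOLDER.cgi\tusername=admin\tcmd=cgi_set_wto",
])


def parse_cookies(header):
    """Split a Cookie header into a name -> value dict, ignoring malformed parts."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def request_params(uri, body):
    """Merge URL-decoded parameters from the query string and a form-encoded body."""
    params = parse_qs(urlsplit(uri).query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    return params


def find_bypass_attempts(log_text, trusted_admin_ips=frozenset()):
    """Return (line number, client, method) for each record matching the CVE-2014-7857 pattern."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # skip records that do not fit the assumed layout
        client, method, uri, cookie_header, body = fields
        cmds = request_params(uri, body).get("cmd", [])
        admin_cookie = parse_cookies(cookie_header).get("username") == "admin"
        if "cgi_set_wto" in cmds and admin_cookie and client not in trusted_admin_ips:
            hits.append((lineno, client, method))
    return hits


if __name__ == "__main__":
    for hit in find_bypass_attempts(SAMPLE_LOG, trusted_admin_ips={"10.0.0.5"}):
        print(hit)
```

Parameters are URL-decoded before comparison, so a percent-encoded command name in the query string is matched the same way as the plain form.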