D-Link Router Vulnerability Exposing Sensitive Files
CVE-2017-14424

7.8HIGH

Key Information:

Vendor: D-Link
Status: Dir-850l Firmware
Vendor: CVE Published:; 13 September 2017

Summary

The D-Link DIR-850L routers (REV. A and REV. B) are susceptible to a security vulnerability stemming from improperly set file permissions on critical system files. Specifically, the /var/passwd file is accessible with 0666 permissions, allowing unauthorized users to read sensitive information, potentially leading to account compromise or further exploitation of the device. Users are advised to ensure they are running the latest firmware updates to mitigate these risks.

References

https://pierrekim.github.io/blog/2017-09-08-dlink-850l-my...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2017
Vulnerability Reserved
Sep 13, 2017