Security Misconfiguration in D-Link DIR-850L Devices
CVE-2017-14426

7.8HIGH

Key Information:

Vendor
D-Link
Status
Dir-850l Firmware
Vendor
CVE Published:
13 September 2017

Summary

Certain D-Link DIR-850L devices, specifically REV. A with firmware through FW114WWb07_h2ab_beta1 and REV. B with firmware through FW208WWb02, exhibit a significant security misconfiguration. The permissions on the /var/etc/shadow directory are set to 0644, allowing unauthorized users to access sensitive information. This misconfiguration poses risks for user data privacy and can potentially be exploited by attackers to gain unauthorized access to device functionalities.

References

https://pierrekim.github.io/blog/2017-09-08-dlink-850l-my...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.