Vulnerabilities > CVE-2017-14423 - Improper Restriction of Excessive Authentication Attempts vulnerability in Dlink Dir-850L Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

dlink

CWE-307

NVD

Published: 2017-09-13

Updated: 2023-11-08

Summary

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests.

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink DIR 850L Firmware - Dlink DIR 850L Firmware 1.02 Dlink DIR 850L Firmware 1.08B03 Dlink DIR 850L Firmware 1.08Trb03 Dlink DIR 850L Firmware 1.09 Dlink DIR 850L Firmware 1.14B07 Dlink DIR 850L Firmware 1.21B07 Dlink DIR 850L Firmware 2.06 Dlink DIR 850L Firmware 2.07.B05 Dlink DIR 850L Firmware 2.21B01 Dlink DIR 850L Firmware 2.22B02 Dlink DIR 850L Firmware Fw114Wwb07_H2Ab	12
Hardware	Dlink Dlink DIR 850L -	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html