Vulnerability Details CVE-2017-14420
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.1%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
Products affected by CVE-2017-14420
-
cpe:2.3:h:dlink:dir-850l:-
-
cpe:2.3:o:dlink:dir-850l_firmware:-
-
cpe:2.3:o:dlink:dir-850l_firmware:1.02
-
cpe:2.3:o:dlink:dir-850l_firmware:1.08b03
-
cpe:2.3:o:dlink:dir-850l_firmware:1.08trb03
-
cpe:2.3:o:dlink:dir-850l_firmware:1.09
-
cpe:2.3:o:dlink:dir-850l_firmware:1.14b07
-
cpe:2.3:o:dlink:dir-850l_firmware:1.21b07
-
cpe:2.3:o:dlink:dir-850l_firmware:2.06
-
cpe:2.3:o:dlink:dir-850l_firmware:2.07.b05
-
cpe:2.3:o:dlink:dir-850l_firmware:2.21b01
-
cpe:2.3:o:dlink:dir-850l_firmware:2.22b02
-
cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab
-
cpe:2.3:o:dlink:dir-850l_firmware:fw208wwb02