Vulnerability Details CVE-2017-14423
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2017-14423
-
cpe:2.3:h:dlink:dir-850l:-
-
cpe:2.3:o:dlink:dir-850l_firmware:-
-
cpe:2.3:o:dlink:dir-850l_firmware:1.02
-
cpe:2.3:o:dlink:dir-850l_firmware:1.08b03
-
cpe:2.3:o:dlink:dir-850l_firmware:1.08trb03
-
cpe:2.3:o:dlink:dir-850l_firmware:1.09
-
cpe:2.3:o:dlink:dir-850l_firmware:1.14b07
-
cpe:2.3:o:dlink:dir-850l_firmware:1.21b07
-
cpe:2.3:o:dlink:dir-850l_firmware:2.06
-
cpe:2.3:o:dlink:dir-850l_firmware:2.07.b05
-
cpe:2.3:o:dlink:dir-850l_firmware:2.21b01
-
cpe:2.3:o:dlink:dir-850l_firmware:2.22b02
-
cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab