Security Vulnerabilities - CVEs Published In January 2017
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.
CVSS Score
9.8
EPSS Score
0.222
Published
2017-01-30
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.
CVSS Score
7.5
EPSS Score
0.12
Published
2017-01-30
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.
CVSS Score
7.5
EPSS Score
0.109
Published
2017-01-30
An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests.
CVSS Score
7.5
EPSS Score
0.121
Published
2017-01-30
An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters.
CVSS Score
9.8
EPSS Score
0.493
Published
2017-01-30
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.
CVSS Score
7.5
EPSS Score
0.288
Published
2017-01-30
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.
CVSS Score
7.5
EPSS Score
0.288
Published
2017-01-30
An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf.
CVSS Score
7.5
EPSS Score
0.09
Published
2017-01-30
An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules.
CVSS Score
7.5
EPSS Score
0.09
Published
2017-01-30
wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.
CVSS Score
5.3
EPSS Score
0.008
Published
2017-01-30