CRITICAL✓ PATCH🇬🇧 English

CVE-2014-7858

CVSS 9.8v3.0pub. 2017-08-25upd. 2026-05-13

The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dnr 326

    HW
    Dlink
    wszystkie wersje
  • D Link Dnr 326 Firmware

    OS
    D-Link
    ≤ 1.40b03
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2024-3272CRITICAL9.8⚠ KEVPL ✓ten sam produkt

D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)

CVE-2014-7857CRITICAL9.8ten sam produkt

D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01,...

CVE-2014-7859CRITICAL9.8ten sam produkt

Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322...

CVE-2024-3273HIGH7.3⚠ KEVten sam produkt

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320...

CVE-2026-5211HIGH7.4ten sam produkt

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, ...