CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2014-7857

CVSS 9.8v3.0pub. 2017-08-25upd. 2026-05-13

D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dnr 326

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 320b

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 320l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 322l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 325

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 327l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 345

    HW
    Dlink
    wszystkie wersje
  • D Link Dnr 326 Firmware

    OS
    D-Link
    ≤ 1.40b03
  • D Link Dns 320b Firmware

    OS
    D-Link
    ≤ 1.02b01
  • D Link Dns 320l Firmware

    OS
    D-Link
    ≤ 1.03b04
  • D Link Dns 322l Firmware

    OS
    D-Link
    ≤ 2.00b07
  • D Link Dns 325 Firmware

    OS
    D-Link
    ≤ 1.05b03
  • D Link Dns 327l Firmware

    OS
    D-Link
    ≤ 1.02
  • D Link Dns 345 Firmware

    OS
    D-Link
    ≤ 1.03b06
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-3272CRITICAL9.8⚠ KEVPL ✓ten sam produkt

D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)

CVE-2024-10915CRITICAL9.2PL ✓ten sam produkt

Command injection w D-Link DNS-320/325/340L przez parametr group

CVE-2024-10914CRITICAL9.2PL ✓ten sam produkt

Command injection w D-Link DNS-320/325/340L — zdalne wykonanie poleceń OS

CVE-2014-7858CRITICAL9.8ten sam produkt

The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authenticati...

CVE-2014-7859CRITICAL9.8ten sam produkt

Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322...