What is the severity of CVE-2014-7857?

CVE-2014-7857 has been assigned a high severity rating due to the potential for remote exploitation.

Which devices are affected by CVE-2014-7857?

CVE-2014-7857 affects D-Link DNS-320L, DNS-327L, DNR-326, DNS-320B, DNS-345, DNS-325, and DNS-322L firmware versions below the specified updates.

How do I fix CVE-2014-7857?

To fix CVE-2014-7857, update the firmware of the affected D-Link devices to the latest version listed in the advisory.

Can CVE-2014-7857 be exploited remotely?

Yes, CVE-2014-7857 allows remote attackers to bypass authentication, making it possible for unauthorized access.

What is the impact of CVE-2014-7857?

The impact of CVE-2014-7857 includes unauthorized administrative access, potentially leading to data compromise and device misuse.

Vulnerability/
CVE-2014-7857

critical

CWE

287

25/8/2017

6/8/2024

CVE-2014-7857

First published: Fri Aug 25 2017(Updated: )

D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
D-Link DNR-322L Firmware	<=2.00b07
D-Link DNS-322L
Dlink DNS-325	<=1.05b03
D-Link DNS-325
D-Link DNS-345 Firmware	<=1.03b06
D-Link DNS-345
D-Link DNS-320B Firmware	<=1.02b01
D-Link DNS-320B
D-Link DNR-326	<=1.40b03
D-Link DNR-326
Dlink Dns-327l Firmware	<=1.02
D-Link DNS-327L
D-Link DNS-320L firmware	<=1.03b04
D-Link DNS-320L

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-7857?
CVE-2014-7857 has been assigned a high severity rating due to the potential for remote exploitation.
Which devices are affected by CVE-2014-7857?
CVE-2014-7857 affects D-Link DNS-320L, DNS-327L, DNR-326, DNS-320B, DNS-345, DNS-325, and DNS-322L firmware versions below the specified updates.
How do I fix CVE-2014-7857?
To fix CVE-2014-7857, update the firmware of the affected D-Link devices to the latest version listed in the advisory.
Can CVE-2014-7857 be exploited remotely?
Yes, CVE-2014-7857 allows remote attackers to bypass authentication, making it possible for unauthorized access.
What is the impact of CVE-2014-7857?
The impact of CVE-2014-7857 includes unauthorized administrative access, potentially leading to data compromise and device misuse.

agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/author
agent/references
agent/last-modified-date
agent/first-publish-date
agent/event
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/d-link
canonical/d-link dnr-322l firmware
version/d-link dnr-322l firmware/2.00b07
vendor/dlink
canonical/d-link dns-322l
canonical/dlink dns-325
version/dlink dns-325/1.05b03
canonical/d-link dns-325
canonical/d-link dns-345 firmware
version/d-link dns-345 firmware/1.03b06
canonical/d-link dns-345
canonical/d-link dns-320b firmware
version/d-link dns-320b firmware/1.02b01
canonical/d-link dns-320b
canonical/d-link dnr-326
version/d-link dnr-326/1.40b03
canonical/dlink dns-327l firmware
version/dlink dns-327l firmware/1.02
canonical/d-link dns-327l
canonical/d-link dns-320l firmware
version/d-link dns-320l firmware/1.03b04
canonical/d-link dns-320l