What is the severity of CVE-2014-7860?

CVE-2014-7860 has a medium severity rating due to its potential to allow unauthorized access to published photos.

How do I fix CVE-2014-7860?

To fix CVE-2014-7860, update the firmware of D-Link DNS-320L to version 1.04b12 or newer and DNS-327L to version 1.03b04 Build0119 or newer.

What devices are affected by CVE-2014-7860?

CVE-2014-7860 affects D-Link DNS-320L versions prior to 1.04b12 and DNS-327L versions prior to 1.03b04 Build0119.

What type of vulnerability is CVE-2014-7860?

CVE-2014-7860 is an authentication bypass vulnerability that allows attackers to publish photos without proper authentication.

Can I be attacked if I am using an updated version of the affected devices for CVE-2014-7860?

If you are using an updated version of the affected devices, you are protected from the vulnerability associated with CVE-2014-7860.

Vulnerability/
CVE-2014-7860

medium

5.3

CWE

200 287

25/8/2017

6/8/2024

CVE-2014-7860: Infoleak

First published: Fri Aug 25 2017(Updated: )

The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Dlink Dns-327l Firmware	<=1.02
D-Link DNS-327L
D-Link DNS-320L Firmware	<=1.03b04
D-Link DNS-320L

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-7860?
CVE-2014-7860 has a medium severity rating due to its potential to allow unauthorized access to published photos.
How do I fix CVE-2014-7860?
To fix CVE-2014-7860, update the firmware of D-Link DNS-320L to version 1.04b12 or newer and DNS-327L to version 1.03b04 Build0119 or newer.
What devices are affected by CVE-2014-7860?
CVE-2014-7860 affects D-Link DNS-320L versions prior to 1.04b12 and DNS-327L versions prior to 1.03b04 Build0119.
What type of vulnerability is CVE-2014-7860?
CVE-2014-7860 is an authentication bypass vulnerability that allows attackers to publish photos without proper authentication.
Can I be attacked if I am using an updated version of the affected devices for CVE-2014-7860?
If you are using an updated version of the affected devices, you are protected from the vulnerability associated with CVE-2014-7860.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/author
agent/references
agent/last-modified-date
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/d-link
canonical/dlink dns-327l firmware
version/dlink dns-327l firmware/1.02
vendor/dlink
canonical/d-link dns-327l
canonical/d-link dns-320l firmware
version/d-link dns-320l firmware/1.03b04
canonical/d-link dns-320l

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.