CVE-2014-7858

Name of the Vulnerable Software and Affected Versions D-Link DNR-326 versions prior to 2.10 build 03

Description The issue is related to the check login function and is caused by weaknesses in the authentication procedure. It allows a remote attacker to bypass authentication and log in by manipulating the username cookie parameter.

Recommendations For versions prior to 2.10 build 03, update to version 2.10 build 03 or later to resolve the issue. As a temporary workaround, consider restricting access to the check login function until a patch is available. Avoid using the username cookie parameter in the affected login endpoint until the issue is resolved.