PT-2017-13462 · D Link · Mydlink Cloud Services+1
Pierre Kim
·
Published
2017-09-13
·
Updated
2023-11-08
·
CVE-2017-14418
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-850L REV. B versions through FW208WWb02
Description
The issue concerns the transmission of the admin password in cleartext over the Internet when the D-Link NPAPI extension interacts with mydlink Cloud Services.
Recommendations
For D-Link DIR-850L REV. B versions through FW208WWb02, consider changing the admin password regularly and avoid using the same password across multiple devices until a fix is available. As a temporary workaround, restrict access to mydlink Cloud Services to minimize the risk of exploitation.
Exploit
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dir-850L
Mydlink Cloud Services