CVE-2014-7860

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: D-Link DNS-320L versions prior to 1.04b12 D-Link DNS-327L versions prior to 1.03b04 Build0119

Description: The issue allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album id and access token. This is due to the lack of authentication for requests in the web/web file/fb publish.php script.

Recommendations: For D-Link DNS-320L versions prior to 1.04b12, update to version 1.04b12 or later. For D-Link DNS-327L versions prior to 1.03b04 Build0119, update to version 1.03b04 Build0119 or later.

Fix

Information Disclosure

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-287

Related Identifiers

CVE-2014-7860

Affected Products

D-Link Dns-320

D-Link Dns-327L

Facebook

CVE-2014-7860

Weakness Enumeration

Related Identifiers

Affected Products

References · 6