RSS   Vulnerabilities for 'Dwr-932b firmware'   RSS

2017-01-29
 
CVE-2016-10186

 

 
An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules.

 
 
CVE-2016-10185

 

 
An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf.

 
 
CVE-2016-10184

 

 
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.

 
 
CVE-2016-10183

 

 
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.

 
 
CVE-2016-10182

 

 
An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters.

 
 
CVE-2016-10181

 

 
An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests.

 
 
CVE-2016-10180

 

 
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.

 
 
CVE-2016-10179

 

 
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.

 
 
CVE-2016-10178

 

 
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.

 
 
CVE-2016-10177

 

 
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.

 


Copyright 2024, cxsecurity.com

 

Back to Top