Vulnerability Details CVE-2017-14419
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.4%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
Products affected by CVE-2017-14419
-
cpe:2.3:h:dlink:dir-850l:-
-
cpe:2.3:o:dlink:dir-850l_firmware:-
-
cpe:2.3:o:dlink:dir-850l_firmware:1.02
-
cpe:2.3:o:dlink:dir-850l_firmware:1.08b03
-
cpe:2.3:o:dlink:dir-850l_firmware:1.08trb03
-
cpe:2.3:o:dlink:dir-850l_firmware:1.09
-
cpe:2.3:o:dlink:dir-850l_firmware:1.14b07
-
cpe:2.3:o:dlink:dir-850l_firmware:1.21b07
-
cpe:2.3:o:dlink:dir-850l_firmware:2.06
-
cpe:2.3:o:dlink:dir-850l_firmware:2.07.b05
-
cpe:2.3:o:dlink:dir-850l_firmware:2.21b01
-
cpe:2.3:o:dlink:dir-850l_firmware:2.22b02
-
cpe:2.3:o:dlink:dir-850l_firmware:fw114wwb07_h2ab
-
cpe:2.3:o:dlink:dir-850l_firmware:fw208wwb02