CVE-2014-3872

Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:dlink:dap-1350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap-1350_firmware:1.10:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-1350:rev._a1:*:*:*:*:*:*:*

History

21 Nov 2024, 02:09

Type Values Removed Values Added
References () http://secunia.com/advisories/58254 - () http://secunia.com/advisories/58254 -
References () http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023 - Exploit, Vendor Advisory () http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023 - Exploit, Vendor Advisory
References () http://www.securityfocus.com/bid/67310 - () http://www.securityfocus.com/bid/67310 -

Information

Published : 2014-05-27 13:55

Updated : 2024-11-21 02:09


NVD link : CVE-2014-3872

Mitre link : CVE-2014-3872

CVE.ORG link : CVE-2014-3872


JSON object : View

Products Affected

dlink

  • dap-1350_firmware
  • dap-1350
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')