CVE-2014-3872

Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:dlink:dap-1350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap-1350_firmware:1.10:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-1350:rev._a1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-05-27 13:55

Updated : 2024-02-28 12:20


NVD link : CVE-2014-3872

Mitre link : CVE-2014-3872

CVE.ORG link : CVE-2014-3872


JSON object : View

Products Affected

dlink

  • dap-1350_firmware
  • dap-1350
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')