Vulnerabilities (CVE)

Filtered by vendor D-link Subscribe
Filtered by product Dns-320l Firmware
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-7860 2 D-link, Dlink 4 Dns-320l Firmware, Dns-327l Firmware, Dns-320l and 1 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.
CVE-2014-7857 2 D-link, Dlink 14 Dnr-326 Firmware, Dns-320b Firmware, Dns-320l Firmware and 11 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin.