CVE-2014-3872
D-Link DAP-1350 Firmware < 1.14 - SQL Injection via Username or Password
Title source: llmDescription
Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/67310
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/58254
Exploit, Vendor Advisory x_refsource_confirm
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023
Scores
EPSS
0.0024
EPSS Percentile
46.8%
Details
CWE
CWE-89
Status
published
Products (3)
dlink/dap-1350
rev._a1
dlink/dap-1350_firmware
1.10
dlink/dap-1350_firmware
< 1.14
Published
May 27, 2014
Tracked Since
Feb 18, 2026