CVE-2017-14418

HIGH

D-Link NPAPI - Info Disclosure

Title source: llm

Description

The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services.

References (1)

[Exploit, Third Party Advisory] https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html

Scores

CVSS v3 8.1

EPSS 0.0077

EPSS Percentile 73.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status draft

Affected Products (1)

dlink/dir-850l_firmware < fw208wwb02

Timeline

Published Sep 13, 2017

Tracked Since Feb 18, 2026