Sign-up

ID

VAR-201405-0449


CVE

CVE-2014-3872


TITLE

D-Link DAP-1350 SQL Injection Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2014-02960 // BID: 67310 // CNNVD: CNNVD-201405-356

DESCRIPTION

Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password. D-Link DAP-1350 (Rev. The D-Link DAP-1350 is a router device. The D-Link DAP-1350 login page failed to properly filter user-submitted input, allowing remote attackers to exploit exploits to submit specially crafted SQL queries to bypass authentication. D-Link DAP-1350 is prone to an SQL-injection vulnerability. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Version prior to D-Link DAP-1350 1.14 (HW version A1). D-Link DAP-1350 is a wireless access device product of D-Link

Trust: 2.61

sources: NVD: CVE-2014-3872 // JVNDB: JVNDB-2014-002671 // CNVD: CNVD-2014-02960 // BID: 67310 // VULHUB: VHN-71812 // VULMON: CVE-2014-3872

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02960

AFFECTED PRODUCTS

vendor:d linkmodel:dap-1350scope:eqversion:1.14

Trust: 1.2

vendor:dlinkmodel:dap-1350scope:lteversion:1.14

Trust: 1.0

vendor:dlinkmodel:dap-1350scope:eqversion:rev._a1

Trust: 1.0

vendor:dlinkmodel:dap-1350scope:eqversion:1.10

Trust: 1.0

vendor:d linkmodel:dap-1350scope:eqversion:rev. a1

Trust: 0.8

vendor:d linkmodel:dap-1350scope:lteversion:1.14

Trust: 0.8

vendor:d linkmodel:dap-1350scope:eqversion:1.10

Trust: 0.6

sources: CNVD: CNVD-2014-02960 // JVNDB: JVNDB-2014-002671 // CNNVD: CNNVD-201405-356 // NVD: CVE-2014-3872

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3872
value: HIGH

Trust: 1.0

NVD: CVE-2014-3872
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-02960
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201405-356
value: HIGH

Trust: 0.6

VULHUB: VHN-71812
value: HIGH

Trust: 0.1

VULMON: CVE-2014-3872
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-3872
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2014-02960
severity: MEDIUM
baseScore: 6.1
vectorString: AV:L/AC:L/AU:N/C:C/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71812
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-02960 // VULHUB: VHN-71812 // VULMON: CVE-2014-3872 // JVNDB: JVNDB-2014-002671 // CNNVD: CNNVD-201405-356 // NVD: CVE-2014-3872

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-71812 // JVNDB: JVNDB-2014-002671 // NVD: CVE-2014-3872

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-356

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201405-356

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002671

PATCH
title:SAP10023url:http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023
Trust: 0.8
title:D-Link DAP-1350 SQL Injection Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/45531
Trust: 0.6
title:D-Link DAP-1350 SQL Repair measures for injecting vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=234985
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-02960 // 
            
            
            
            JVNDB: JVNDB-2014-002671 // 
            
            
            
            CNNVD: CNNVD-201405-356

EXTERNAL IDS
db:NVDid:CVE-2014-3872
Trust: 3.5
db:BIDid:67310
Trust: 2.7
db:DLINKid:SAP10023
Trust: 2.4
db:SECUNIAid:58254
Trust: 1.8
db:JVNDBid:JVNDB-2014-002671
Trust: 0.8
db:CNNVDid:CNNVD-201405-356
Trust: 0.7
db:CNVDid:CNVD-2014-02960
Trust: 0.6
db:VULHUBid:VHN-71812
Trust: 0.1
db:VULMONid:CVE-2014-3872
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-02960 // 
            
            
            
            VULHUB: VHN-71812 // 
            
            
            
            VULMON: CVE-2014-3872 // 
            
            
            
            BID: 67310 // 
            
            
            
            JVNDB: JVNDB-2014-002671 // 
            
            
            
            CNNVD: CNNVD-201405-356 // 
            
            
            
            NVD: CVE-2014-3872

REFERENCES
url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10023
Trust: 2.4
url:http://www.securityfocus.com/bid/67310
Trust: 1.9
url:http://secunia.com/advisories/58254
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3872
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3872
Trust: 0.8
url:http://www.dlink.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/89.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-02960 // 
            
            
            
            VULHUB: VHN-71812 // 
            
            
            
            VULMON: CVE-2014-3872 // 
            
            
            
            BID: 67310 // 
            
            
            
            JVNDB: JVNDB-2014-002671 // 
            
            
            
            CNNVD: CNNVD-201405-356 // 
            
            
            
            NVD: CVE-2014-3872

CREDITS
SensePost Information Security
Trust: 0.9
sources:
            
            
            BID: 67310 // 
            
            
            
            CNNVD: CNNVD-201405-356

SOURCES
db:CNVDid:CNVD-2014-02960
db:VULHUBid:VHN-71812
db:VULMONid:CVE-2014-3872
db:BIDid:67310
db:JVNDBid:JVNDB-2014-002671
db:CNNVDid:CNNVD-201405-356
db:NVDid:CVE-2014-3872

LAST UPDATE DATE
2025-04-13T23:34:12.077000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-02960date:2014-05-13T00:00:00
db:VULHUBid:VHN-71812date:2015-09-29T00:00:00
db:VULMONid:CVE-2014-3872date:2015-09-29T00:00:00
db:BIDid:67310date:2014-06-02T01:20:00
db:JVNDBid:JVNDB-2014-002671date:2014-05-29T00:00:00
db:CNNVDid:CNNVD-201405-356date:2023-04-27T00:00:00
db:NVDid:CVE-2014-3872date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-02960date:2014-05-13T00:00:00
db:VULHUBid:VHN-71812date:2014-05-27T00:00:00
db:VULMONid:CVE-2014-3872date:2014-05-27T00:00:00
db:BIDid:67310date:2014-05-08T00:00:00
db:JVNDBid:JVNDB-2014-002671date:2014-05-29T00:00:00
db:CNNVDid:CNNVD-201405-356date:2014-05-22T00:00:00
db:NVDid:CVE-2014-3872date:2014-05-27T13:55:07.207