Dwr-932b Firmware Security Vulnerabilities
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.
9.8CVSS
9.4AI Score
0.51EPSS
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.
9.8CVSS
9.3AI Score
0.507EPSS
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.
7.5CVSS
7.5AI Score
0.527EPSS
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.
7.5CVSS
7.5AI Score
0.666EPSS
An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests.
7.5CVSS
7.4AI Score
0.523EPSS
An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters.
9.8CVSS
9.7AI Score
0.618EPSS
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.
7.5CVSS
7.5AI Score
0.493EPSS
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.
7.5CVSS
7.5AI Score
0.493EPSS
An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf.
7.5CVSS
7.5AI Score
0.348EPSS
An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules.
7.5CVSS
7.5AI Score
0.348EPSS