CVE-2016-10186

An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules.

Source: CVE-2016-10186

CVE-2016-10185

An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf.

Source: CVE-2016-10185

CVE-2016-10184

An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.

Source: CVE-2016-10184

CVE-2016-10183

An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.

Source: CVE-2016-10183

CVE-2016-10181

An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests.

Source: CVE-2016-10181

CVE-2016-10175

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions.

Source: CVE-2016-10175

CVE-2016-10179

An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.

Source: CVE-2016-10179

CVE-2016-10174

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.

Source: CVE-2016-10174

CVE-2016-10177

An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.

Source: CVE-2016-10177

CVE-2017-5612

Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.

Source: CVE-2017-5612