D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-13T17:00:00

Updated: 2024-08-05T19:27:40.355Z

Reserved: 2017-09-13T00:00:00

Link: CVE-2017-14422

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-09-13T17:29:00.573

Modified: 2024-11-21T03:12:45.563

Link: CVE-2017-14422

cve-icon Redhat

No data.