N/A

The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

N/A

N/A

D-Link DIR-850L REV.A和REV.B 安全漏洞

D-Link DIR-850L REV.A和REV.B都是友讯（D-Link）公司的无线路由器产品。 使用FW114WWb07_h2ab_beta1及之前版本固件的D-Link DIR-850L REV.A和使用FW208WWb02及之前版本固件的REV.B设备中使用的D-Link NPAPI扩展存在安全漏洞，该漏洞源于程序没有验证SSL服务器端的X.509证书。攻击者可借助特制的证书利用该漏洞实施中间人攻击，冒充服务器并获取敏感信息。

N/A

N/A