CVE-2014-3872 Information

Description

Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.

Reference

http://secunia.com/advisories/58254 http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023 http://www.securityfocus.com/bid/67310