These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2016-10186 affects the D-Link DWR-932B router firmware identified in NVD as cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb. The NVD description says /var/miniupnpd.conf has no deny rules, indicating a configuration weakness in the router’s miniupnpd setup. NVD rates the issue HIGH (CVSS 7.5) with network attack vector, no privileges, and no user interaction, and the supplied CVSS vector shows integrit [truncated]
CVE-2016-10185 describes an insecure configuration on the D-Link DWR-932B router: a secure_mode=no line is present in /var/miniupnpd.conf. NVD classifies the issue as High severity with a CVSS 3.1 score of 7.5 and lists the affected firmware as 02.02eu revB. The public record and third-party advisory references point to a configuration weakness rather than a software memory-safety flaw.
CVE-2016-10184 is a high-severity path traversal issue in the D-Link DWR-932B router. According to NVD, the qmiweb component allows file reading using ..%2f traversal, which can expose local files over the network. NVD classifies the weakness as CWE-22 and rates it CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating remote exploitation without privileges or user interaction and a confidentiality impact.
CVE-2016-10183 affects the D-Link DWR-932B router firmware and is described as a qmiweb directory listing flaw involving ../ traversal. NVD rates it HIGH with a CVSS v3.1 score of 7.5, driven by network reachability, no required privileges, no user interaction, and high confidentiality impact. The primary defensive concern is unauthorized disclosure of files or directory contents exposed by the web component.
CVE-2016-10182 is a critical command-injection vulnerability in the D-Link DWR-932B router firmware. NVD states that qmiweb allows command injection using backtick characters, and the affected NVD CPE entry is DWR-932B firmware 02.02eu revb. The issue carries a 9.8 CVSS 3.1 score and is classified as CWE-77.
CVE-2016-10181 is an information disclosure issue in the D-Link DWR-932B router: requests to qmiweb with CfgType=get_homeCfg can expose sensitive information. NVD rates the issue HIGH (CVSS 7.5) because it is network-reachable, requires no authentication or user interaction, and can disclose high-confidentiality data.
CVE-2016-10179 describes a hardcoded WPS PIN on the D-Link DWR-932B router. Because the PIN is fixed rather than unique, it undermines the intended security properties of WPS and can expose wireless access controls to unauthorized use. NVD rates the issue High with a network-reachable, no-authentication attack profile.
CVE-2016-10178 is a critical D-Link DWR-932B router issue in which the HELODBG service on UDP port 39889 triggers "/sbin/telnetd -l /bin/sh". NVD rates the issue CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), consistent with a network-reachable path to device compromise or shell exposure.
CVE-2016-10177 is a critical authentication flaw in the D-Link DWR-932B router. NVD says undocumented TELNET and SSH services accept fixed logins for admin/admin and root/1234, which maps to CWE-798 and yields a CVSS 3.1 score of 9.8. Because the services are network-accessible and require no valid credentials, exposed devices should be treated as high-risk.