RSS   Vulnerabilities for 'Dwr-116 firmware'   RSS

2019-04-11
 
CVE-2018-19300

CWE-20
 

 
On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well.

 
2018-10-17
 
CVE-2018-10824

CWE-522
 

 
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.

 
 
CVE-2018-10823

CWE-78
 

 
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.

 
 
CVE-2018-10822

CWE-22
 

 
Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.

 

 >>> Vendor: D-link 231 Products
Tftp server
Dl-704
Dwl-1000ap
Dp-303
Di-804
Dwl-900ap+
Di-614+
Di-624
Di-704p
Di-604
Dcs-900 internet camera
Dsl-502t
Dsl-504t
Dsl-562t
Dsl-g604t
Di-524
Di-784
Dwl-g700ap
Dsa-3100 airspot gateway
Dwl-2100ap
Di-604 broadband router
Ebr-2310 ethernet broadband router
Wbr-1310 wireless g router
Wbr-2310 rangebooster g router
Dsl-g624t
Dwl-g132
Dwl-2000ap+
Dph-540
Dph-541
Dir-100
Mpeg4 shm audio control
Dir-400
Dkvm-ip8
Dir-300
Camera stream client activex control
Dcs-5605 ptz ip network camera
Dsl-2730u
Dcs-932l camera
Dcs-932l camera firmware
Di-524up
Di-604+
Di-604s
Di-604up
Di-624s
Dir-120
Tm-g5240
Dsr-1000
Dsr-1000n
Dsr-150
Dsr-150n
Dsr-250
Dsr-500
Dsr-500n
Dsr-1000 firmware
Dsr-1000n firmware
Dsr-150 firmware
Dsr-150n firmware
Dsr-250 firmware
Dsr-250n firmware
Dsr-500 firmware
Dsr-500n firmware
Dsl-2640r
Dsl-2641r
Dap 2253
Dap 2253 firmware
Dir-505l shareport mobile companion
Dir-826l wireless n600 cloud router
Dir-505l shareport mobile companion firmware
Dir-826l wireless n600 cloud router firmware
Dap 1150
Dap 1150 firmware
Dap-1350
Dap-1350 firmware
Dir505 shareport mobile companion
Dsp-w215
Dir505 shareport mobile companion firmware
Dir505l shareport mobile companion firmware
Dsp-w215 firmware
Dir-601
Dir-601 firmware
Dsl-2760u-e1
Dir-645
Dir-645 firmware
Dsl2740u
Dsl2750u
Dcs-2103 hd cube network camera
Dcs-2103 hd cube network camera firmware
Dir-655
Dir-655 firmware
Dir-60
Dir-600 firmware
Dap-1360 firmware
Dsl-2730b firmware
Dcs-931l firmware
Dap-1320 firmware
Dcs-932l
Dcs-932l firmware
Dir-600l
Dir-605l
Dir-619l
See all Products for Vendor D-link


Copyright 2024, cxsecurity.com

 

Back to Top