CVE-2017-12943 D-Link Router DIR-600 Authentication Bypass Vulnerability

漏洞类别:Hardware

漏洞等级:

漏洞信息

D-Link Router DIR-600 discloses admin credentials via LFI leading to authentication bypass.

Affected Routers:
D-Link Router DIR-600 firmware version 2.01B1. Older versions may also be affected.

Detection Logic (Unauthenticated):
This QID actively tries to grab admin password from vulnerable routers.

漏洞危害

An unauthenticated, remote attacker could exploit this vulnerability to gain retrieve admin password and gain access to the router’s interface.

解决方案

Customers are advised to upgrade to the latest firmware.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

MyDLink

Leave a Reply