D-Link Router DIR-600 discloses admin credentials via local file inclusion (LFI), leading to authentication bypass.
D-Link Router DIR-600 firmware version 2.01B1. Older versions may also be affected.
Detection Logic (Unauthenticated):
This QID actively tries to retrieve the admin password from vulnerable routers.
An unauthenticated, remote attacker could exploit this vulnerability to retrieve the admin password and gain access to the router’s interface.
Customers are advised to upgrade to the latest firmware.
Following are links for downloading patches to fix the vulnerabilities: