D Link · Dir-600M · CVE-2017-12943
**Name of the Vulnerable Software and Affected Versions**
D-Link DIR-600 Rev Bx versions 2.x
**Description**
The issue allows remote attackers to read passwords via an absolute path traversal attack using the "model/ show info.php?REQUIRE FILE=" endpoint. This can be exploited to discover the admin password.
**Recommendations**
For version 2.x, as a temporary workaround, consider restricting access to the "model/ show info.php" endpoint until a patch is available. Avoid using the `REQUIRE FILE` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.