PT-2017-18702 · D Link · Dir-600M
Published: 2017-05-21 · Updated: 2021-04-23 · CVE-2017-9100
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
D-Link DIR-600M firmware 3.04
Description
The issue allows remote attackers to bypass authentication on the device by entering more than 20 blank spaces in the password field during an admin login attempt to the "login.cgi" endpoint.
Recommendations
For firmware 3.04, consider restricting access to the "login.cgi" endpoint until a patch is available, and avoid using blank spaces in the password field to minimize the risk of exploitation.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Dir-600M