CVE-2017-12943

Name of the Vulnerable Software and Affected Versions D-Link DIR-600 Rev Bx versions 2.x

Description The issue allows remote attackers to read passwords via an absolute path traversal attack using the "model/ show info.php?REQUIRE FILE=" endpoint. This can be exploited to discover the admin password.

Recommendations For version 2.x, as a temporary workaround, consider restricting access to the "model/ show info.php" endpoint until a patch is available. Avoid using the REQUIRE FILE parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.