PT-2017-18702 · D Link · Dir-600M
Published: 2017-05-21 · Updated: 2021-04-23 · CVE-2017-9100
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
D-Link DIR-600M firmware 3.04
Description
The issue allows remote attackers to bypass authentication on the device by entering more than 20 blank spaces in the password field during an admin login attempt to the "login.cgi" endpoint.
Recommendations
For firmware 3.04, consider restricting access to the "login.cgi" endpoint until a patch is available, and avoid using blank spaces in the password field to minimize the risk of exploitation.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Dir-600M
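Detection example
The following is an added example, not part of the original advisory or of any D-Link code: a check that can be run over captured or proxied HTTP requests to flag login attempts matching the condition in the Description (a form field sent to "login.cgi" that decodes to more than 20 blank spaces). The record layout, the sample requests and the field names "username" and "password" are constructed assumptions; the check itself does not depend on the field name.

```python
from urllib.parse import parse_qsl, urlsplit

# Threshold taken from the advisory text: "more than 20 blank spaces".
BLANK_THRESHOLD = 20


def blank_run_fields(body: str) -> list[str]:
    """Return names of form fields whose decoded value consists only of
    whitespace and is longer than BLANK_THRESHOLD characters.
    parse_qsl decodes both '+' and '%20' to a space, so either encoding is caught."""
    hits = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        if len(value) > BLANK_THRESHOLD and value.strip() == "":
            hits.append(name)
    return hits


def flag_requests(records):
    """records: iterable of (source_ip, method, url, body) tuples (assumed layout).
    Returns [(source_ip, [field names])] for matching POSTs to login.cgi."""
    flagged = []
    for src, method, url, body in records:
        path = urlsplit(url).path.lower()
        if method.upper() != "POST" or not path.endswith("/login.cgi"):
            continue
        fields = blank_run_fields(body)
        if fields:
            flagged.append((src, fields))
    return flagged


# Constructed sample requests (documentation IP range, hypothetical field names).
SAMPLE = [
    ("192.0.2.10", "POST", "/login.cgi", "username=admin&password=" + "+" * 25),
    ("192.0.2.11", "POST", "/login.cgi", "username=admin&password=" + "%20" * 21),
    ("192.0.2.12", "POST", "/login.cgi", "username=admin&password=correct+horse"),
    ("192.0.2.13", "POST", "/login.cgi", "username=admin&password=" + "+" * 20),
    ("192.0.2.14", "GET", "/index.htm", ""),
]

if __name__ == "__main__":
    for src, fields in flag_requests(SAMPLE):
        print(f"ALERT {src}: all-blank value in field(s) {fields} sent to login.cgi")
```

Only the first two sample requests are flagged; the request with exactly 20 blanks falls below the advisory's "more than 20" condition.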