CVE-2018-10822

Name of the Vulnerable Software and Affected Versions D-Link DWR-116 versions 1.06 and earlier D-Link DIR-140L versions 1.02 and earlier D-Link DIR-640L versions 1.02 and earlier D-Link DWR-512 versions 2.02 and earlier D-Link DWR-712 versions 2.02 and earlier D-Link DWR-912 versions 2.02 and earlier D-Link DWR-921 versions 2.02 and earlier D-Link DWR-111 versions 1.01 and earlier

Description The issue is related to a directory traversal vulnerability in the web interface of D-Link devices. This vulnerability allows remote attackers to read arbitrary files via a specially crafted HTTP request, such as by including /.. or // after "GET /uir". The vulnerability exists due to insufficient path checking.

Recommendations For D-Link DWR-116 versions 1.06 and earlier, update to a version later than 1.06. For D-Link DIR-140L versions 1.02 and earlier, update to a version later than 1.02. For D-Link DIR-640L versions 1.02 and earlier, update to a version later than 1.02. For D-Link DWR-512 versions 2.02 and earlier, update to a version later than 2.02. For D-Link DWR-712 versions 2.02 and earlier, update to a version later than 2.02. For D-Link DWR-912 versions 2.02 and earlier, update to a version later than 2.02. For D-Link DWR-921 versions 2.02 and earlier, update to a version later than 2.02. For D-Link DWR-111 versions 1.01 and earlier, update to a version later than 1.01. As a temporary workaround, consider restricting access to the web interface until a patch is available.