Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote malicious users to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.
Vulnerable Product |
---|
dlink dwr-116_firmware v1.01(eu) |
dlink dwr-116_firmware v1.00(cp)b10 |
dlink dwr-116_firmware v1.05(au) |
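
For defenders, a log check for the request pattern in the description above (a `..` segment in a `GET /uir/` request). This is an added example, not code from the advisory or from D-Link. It assumes requests to the device are recorded in Common Log Format by a proxy or sensor in front of it, and it goes beyond the literal `..` by also decoding percent-encoded forms; the function names and sample entries are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Client address, method and request target of a Common Log Format entry.
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_uir_traversal(target):
    """True if a request target under /uir/ contains a '..' path segment."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    return path.startswith("/uir/") and ".." in path.split("/")

def uir_traversal_hits(lines):
    """Return (client_ip, raw_target) for each GET /uir/ request with '..'."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if m and m.group("method") == "GET" and is_uir_traversal(m.group("target")):
            hits.append((m.group("ip"), m.group("target")))
    return hits

# Constructed sample entries (documentation IP ranges, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /uir/../../PLACEHOLDER HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /uir/%2e%2e/%2e%2e/PLACEHOLDER HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /uir/%252e%252e/PLACEHOLDER HTTP/1.1" 404 0',
    '198.51.100.8 - - [01/Jan/2024:10:02:00 +0000] "GET /uir/file..name HTTP/1.1" 200 1024',
    '203.0.113.5 - - [01/Jan/2024:10:03:00 +0000] "GET /index.htm?next=../x HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, target in uir_traversal_hits(SAMPLE_LOG):
        print(f"possible /uir/ traversal from {ip}: {target}")
```

A hit with a 200 response is the case to investigate first, since it suggests the file was actually served.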
Plain text password storage? Check. Directory traversal? Check. SOHOpeless? Check
Eight D-Link router variants are vulnerable to complete pwnage via a combination of security screwups, and only two are going to get patched. Błażej Adamczyk of the Silesian University of Technology in Poland posted this month to Full Disclosure that he discovered the bugs in May of this year and notified D-Link. Despite insisting patches would be released four months ago from now, D-Link hasn't addressed the issue, so Adamczyk has gone public with the security holes. For some of the affected ...