
CVE-2017-6190

Published: 10/04/2017 Updated: 16/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote malicious users to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.

Vulnerable Product

dlink dwr-116_firmware v1.01(eu)

dlink dwr-116_firmware v1.00(cp)b10

dlink dwr-116_firmware v1.05(au)

Exploits

# Title: D-Link DWR-116 Arbitrary File Download
# Vendor: D-Link (www.dlink.com)
# Affected model(s): DWR-116 / DWR-116A1
# Tested on: V1.01(EU), V1.00(CP)b10, V1.05(AU)
# CVE: CVE-2017-6190
# Date: 04072016
# Author: Patryk Bogdan (@patryk_bogdan)
Description: D-Link DWR-116 with firmware before V1.05b09 suffers from vulnerability which leads t ...
D-Link DWR-116 suffers from an arbitrary file download vulnerability via a directory traversal attack ...
Multiple D-Link router models suffer from code execution, plain-text password storage, and directory traversal vulnerabilities ...

Recent Articles

Last year, D-Link flubbed a router bug-fix, so it's back with total pwnage
The Register • Richard Chirgwin • 17 Oct 2018

Plain text password storage? Check. Directory traversal? Check. SOHOpeless? Check

Eight D-Link router variants are vulnerable to complete pwnage via a combination of security screwups, and only two are going to get patched. Błażej Adamczyk of the Silesian University of Technology in Poland posted this month to Full Disclosure that he discovered the bugs in May of this year and notified D-Link. Despite insisting patches would be released four months ago from now, D-Link hasn't addressed the issue, so Adamczyk has gone public with the security holes. For some of the affected ...