An issue exists on D-Link DWR-116 up to and including 1.06, DIR-140L up to and including 1.02, DIR-640L up to and including 1.02, DWR-512 up to and including 2.02, DWR-712 up to and including 2.02, DWR-912 up to and including 2.02, DWR-921 up to and including 2.02, and DWR-111 up to and including 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker with a directory traversal (or LFI) vulnerability can read this file and easily gain full router access.
Vulnerable Product |
---|
dlink dwr-116 firmware |
dlink dir-140l firmware |
dlink dir-640l firmware |
dlink dwr-512 firmware |
dlink dwr-712 firmware |
dlink dwr-912 firmware |
dlink dwr-921 firmware |
dlink dwr-111 firmware |
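
A defensive check for the issue described above, as an added example that is not part of the original advisory: it scans HTTP access-log lines (for instance from a proxy or sensor in front of the router's web interface) for request targets that resolve to /tmp/csman/0, including percent-encoded and backslash variants. The log format, the `/hypothetical.cgi` endpoint and every sample line are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Matches the file named in the advisory as a whole path suffix (not "01.png").
CSMAN_RE = re.compile(r"(?<![\w.-])tmp/csman/0(?![\w.-])")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, hypothetical endpoint).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Oct/2018:10:01:02 +0000] "GET /index.htm HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Oct/2018:10:03:10 +0000] "GET /hypothetical.cgi?f=../../tmp/csman/0 HTTP/1.1" 200 4096',
    '203.0.113.9 - - [12/Oct/2018:10:03:11 +0000] "GET /hypothetical.cgi?f=%252e%252e%252ftmp%252fcsman%252f0 HTTP/1.1" 200 4096',
    '203.0.113.9 - - [12/Oct/2018:10:03:12 +0000] "GET /hypothetical.cgi?f=..%5ctmp%5c.%5ccsman%5c0 HTTP/1.1" 404 0',
    '198.51.100.7 - - [12/Oct/2018:10:05:00 +0000] "GET /img/tmp/csman/01.png HTTP/1.1" 200 900',
]

def normalize(target, max_rounds=3):
    """Undo nested percent-encoding and unify separators so variants compare equal."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    target = target.replace("\\", "/")          # backslash used as a separator
    target = re.sub(r"/(?:\./)+", "/", target)  # drop "/./" segments
    return re.sub(r"/{2,}", "/", target)        # collapse repeated slashes

def references_password_file(target):
    """True if the request path or query points at tmp/csman/0 after normalization."""
    return CSMAN_RE.search(normalize(target)) is not None

def scan(lines):
    """Return (client_ip, normalized_target) for each request that references the file."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and references_password_file(m.group(1)):
            hits.append((line.split()[0], normalize(m.group(1))))
    return hits

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"ALERT {ip} requested {target}")
```

A hit with a 200 response and a non-trivial body size is the case to treat as a likely credential disclosure and follow with an admin password change.
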
Plain text password storage? Check. Directory traversal? Check. SOHOpeless? Check
Eight D-Link router variants are vulnerable to complete pwnage via a combination of security screwups, and only two are going to get patched. Błażej Adamczyk of the Silesian University of Technology in Poland posted this month to Full Disclosure that he discovered the bugs in May of this year and notified D-Link. Despite insisting patches would be released four months ago from now, D-Link hasn't addressed the issue, so Adamczyk has gone public with the security holes. For some of the affected ...