Multiple D-Link DIR Series Routers 'model/__show_info.php' Local File Disclosure Vulnerability Network Vulnerability

Summary

Multiple D-Link DIR series routers are prone to a local file- disclosure vulnerability. fails to adequately validate user- supplied input.

Impact

Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on devices running the vulnerable application. This may aid in further attacks.

Solution

Ask the Vendor for an update.

Insight

The remote D-Link device fails to adequately validate user supplied input to 'REQUIRE_FILE' in '__show_info.php'

Affected

D-Link DIR-615 D-Link DIR-300 DIR-600

Detection

Send a crafted HTTP GET request which tries to read '/var/etc/httpasswd'

References

http://www.dlink.com/
http://www.securityfocus.com/bid/64043

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AVTECH DVR Multiple Vulnerabilities
Arkeia Appliance Multiple Vulnerabilities
Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
4psa Voipnow Local File Inclusion Vulnerability
Artmedic Kleinanzeigen File Inclusion Vulnerability

Take action and discover your vulnerabilities