Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:DIR:DLINK-ROUTER-MUL |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
D-Link Routers Multiple Vulnerabilities |
Release Date |
2019/09/22 |
Update Number |
3211 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: D-Link Routers Multiple Vulnerabilities
This signature detects attempts to exploit a known vulnerability against D-Link Routers. A successful attack can lead to Local File Inclusion.
Extended Description
Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.
Affected Products
- D-link dir-140l_firmware 1.02
- D-link dir-640l_firmware 1.02
- D-link dwr-111_firmware 1.01
- D-link dwr-116_firmware 1.06
- D-link dwr-512_firmware 2.02
- D-link dwr-712_firmware 2.02
- D-link dwr-912_firmware 2.02
- D-link dwr-921_firmware 2.02
References
- CVE: CVE-2018-10822
- CVE: CVE-2018-10823
- CVE: CVE-2018-10824