|
|||
Rule General Information |
---|
Release Date: | 2020-01-20 | |
Rule Name: | D-Link DIR DWR Devices Directory Traversal Vulnerabilities (CVE-2018-10822) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request.NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190. | |
Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
Affected OS: | Network Device | |
Reference: | http://sploit.tech/2018/10/12/D-Link.html https://seclists.org/fulldisclosure/2018/Oct/36 |
|
Solutions |
---|
The vendors have released upgrade patches to fix vulnerabilities, please visit: http://www.dlink.com/ |