|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-01-20 | |
| Rule Name: | D-Link DIR DWR Devices Directory Traversal Vulnerabilities (CVE-2018-10822) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request.NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Network Device | |
| Reference: | http://sploit.tech/2018/10/12/D-Link.html https://seclists.org/fulldisclosure/2018/Oct/36 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://www.dlink.com/ |