Release date:
Updated on: 2013-02-27
Affected Systems:
D-Link DIR-300 2.13
D-Link DIR-300 2.12
D-Link DIR-600 2.14b01
D-Link DIR-600 2.13b01
D-Link DIR-600 2.12b02
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57734
The D-Link DIR-600 and DIR-300 are both wireless router products.
The D-Link DIR-600 and DIR-300 implementations contain multiple security vulnerabilities that malicious users can exploit to leak some system information and take control of the affected devices.
1. The device does not restrict access to router_info.xml. The complete path can be disclosed through error messages;
2. Access to devinfo.txt and version.txt is not restricted, which may leak some device information;
3. The device does not restrict access to command.php. Through special HTTP requests, arbitrary shell commands can be executed.
<* Source: Michael Messner (michae.messner@integralis.com)
Link: http://www.securelist.com/en/advisories/52080
http://www.s3cur1ty.de/m1adv2013-003
*>
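For detection, the following is an added example (not part of the original advisory or vendor code) that scans web or proxy access logs for requests to the four unrestricted files named above. It assumes combined-log-style lines from a gateway or proxy in front of the router's web interface; the category labels, function names and sample lines are constructed for illustration.

```python
import re
from posixpath import basename
from urllib.parse import unquote, urlsplit

# File names taken from the advisory; the category labels are this example's own.
SENSITIVE = {
    "router_info.xml": "info-disclosure",
    "devinfo.txt": "info-disclosure",
    "version.txt": "info-disclosure",
    "command.php": "command-execution",
}

# Combined-log-style line: client, timestamp, request line, status (assumed format).
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def classify(line):
    """Return (client, method, file, category, status) for a hit, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Drop the query string, decode %xx once, ignore case and trailing slashes
    # so trivially obfuscated requests are still matched.
    path = unquote(urlsplit(m["target"]).path).rstrip("/").lower()
    name = basename(path)
    if name not in SENSITIVE:
        return None
    return (m["client"], m["method"], name, SENSITIVE[name], int(m["status"]))

def scan(lines):
    """Return all hits found in an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [27/Feb/2013:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/Feb/2013:10:00:05 +0000] "GET /version.txt HTTP/1.1" 200 64',
    '198.51.100.7 - - [27/Feb/2013:10:00:06 +0000] "GET /DevInfo.txt?x=1 HTTP/1.1" 200 300',
    '198.51.100.7 - - [27/Feb/2013:10:00:09 +0000] "POST /command%2Ephp HTTP/1.1" 200 17',
    '203.0.113.4 - - [27/Feb/2013:10:01:00 +0000] "GET /router_info.xml HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Any hit on command.php with a 200 status deserves immediate review, since that file is the command-execution vector in item 3.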
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
D-Link
------
Currently, the vendor does not provide a patch or upgrade. We recommend that users of the affected products check the vendor's homepage for the latest version:
http://www.dlink.com/