[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] 2 security bugs in Dlink router DIR-605L

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] 2 security bugs in Dlink router DIR-605L
From: laalaa <dbpalan@xxxxxxxxxxx>
Date: Tue, 20 May 2014 17:21:40 +0800

DIR-605L (Hardware version Ax, firmware 1.14) has two severe security bug:

1. The login password is printed out in clear text in the "Current Network 
Setting" page (just after login) "Device Info" section.

2. The router can be controlled using a crafted URL (GET request), even without 
login

e.g. use any browser to visit 
"http://192.168.0.1/Status/wan_button_action.asp?connect=true";

Since the "report vulnerability" function of the Dlink website not work, the 
bug has been reported to "webmaster" of Dlink via e-mail.

                                          

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] CVE-2014-3450 - Privilege Escalation in Panda Security
Next by Date: [FD] Project Un1c0rn : Communications and GPG Key
Previous by thread: [FD] CVE-2014-3450 - Privilege Escalation in Panda Security
Next by thread: [FD] Project Un1c0rn : Communications and GPG Key
Index(es):
- Date
- Thread