*SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)* Link to full report: https://blogs.securiteam.com/index.php/archives/3364 Twitter account: @SecuriTeam_SSD *Vulnerabilities Summary*The following advisory describe three (3) vulnerabilities found in D-Link 850L router. The vulnerabilities have been reported as part of Hack2Win competition, for more information about Hack2Win – Hack2Win – https://blogs.securiteam.com/index.php/archives/3310. The vulnerabilities found in D-Link 850L are: Remote Command Execution via WAN and LAN Remote Unauthenticated Information Disclosure via WAN and LAN Unauthorized Remote Code Execution as root via LAN *Credit* The vulnerabilities were found by the following researchers, while participate in Beyond Security’s Hack2Win competition: Remote Command Execution via WAN and LAN: Zdenda Remote Unauthenticated Information Disclosure via WAN and LAN: Peter Geissler Unauthorized Remote Code Execution as root via LAN: Pierre Kim *Vendor response*The vendor has released patches to address this vulnerabilities (Firmware: 1.14B07 BETA). For more details: http://support.dlink.com/ProductInfo.aspx?m=DIR-850L -- Thanks Maor Shwartz GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest) – SecuriTeam Blogs.pdf
Description: Adobe PDF document
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/