Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27671
HistoryFeb 14, 2012 - 12:00 a.m.

D-Link DIR-601 TFTP Directory Traversal Vulnerability

2012-02-1400:00:00
vulners.com
89
JSON

Vulnerability title: D-Link DIR-601 TFTP Directory Traversal Vulnerability

CVSS Risk Rating: 7.8 (High)

Product: D-Link DIR-601 Wireless N 150 Home Router

Application Vendor: D-Link

Vendor URL: www.dlink.com

Public disclosure date: 1/20/2012

Discovered by: Rob Kraus and Solutionary Engineering Research Team (SERT)

Solutionary ID: SERT-VDN-1013

Solutionary public disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/D-Link_DIR-601.html

Vulnerability Description: Default installation of the DIR-601 Wireless N 150 Home Router is susceptible to directory traversal attack. A attacker can exploit this vulnerability to retrieve files outside of the TFTP server root directory. The attack is performed against the TFTP server listening on the WAN interface and does not require prior authentication. At this time it appears the vulnerability allows read-only access to files.

Affected software versions: Firmware Version 1.02NA

Impact: A remote attacker may be able to leverage this vulnerability to gain access to system and other configuration files resulting in loss of confidentiality.

Fixed in: Not Fixed

Remediation guidelines: Disable TFTP server access and update the system should a patch become available from the vendor.

JSON