Directory Traversal Vulnerability in D-Link DWR-932B Router
CVE-2016-10184

7.5HIGH

Key Information:

Vendor: D-Link
Status: Dwr-932b Firmware
Vendor: CVE Published:; 30 January 2017

Summary

A vulnerability in the D-Link DWR-932B router has been identified where the qmiweb interface is susceptible to directory traversal attacks. This flaw enables an attacker to exploit the system, allowing unauthorized access to files on the device. By utilizing specially crafted requests, an attacker can potentially read sensitive files, leading to further exploitation of the system. It is crucial for users of the DWR-932B to implement security practices to mitigate this risk.

References

https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932...

x_refsource_MISC

http://www.securityfocus.com/bid/95877

vdb-entryx_refsource_BID

EPSS Score

28% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 30, 2017
Vulnerability Reserved
Jan 29, 2017