Path Traversal Vulnerability in D-Link DIR-600 Rev Bx Devices
CVE-2017-12943

9.8CRITICAL

Key Information:

Vendor
D-Link
Status
Dir-600 B1 Firmware
Vendor
CVE Published:
18 August 2017

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 78%

Summary

The D-Link DIR-600 Rev Bx devices running firmware version 2.x are susceptible to a path traversal vulnerability that allows remote attackers to gain unauthorized access to sensitive information, including admin passwords. By exploiting the 'model/__show_info.php?REQUIRE_FILE=' endpoint, attackers can manipulate the request to retrieve files outside the intended directory structure. This flaw highlights the importance of securing file access and validating user input to prevent unauthorized information disclosure.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

D-Link
Created by aymankhalfatni

CVE-2017-12943
Created by d4rk30

References

https://jithindkurup.tumblr.com/post/165218785974/d-link-...
x_refsource_MISC
https://www.youtube.com/watch?v=PeNOJORAQsQ
x_refsource_MISC
https://www.exploit-db.com/exploits/42581/
exploitx_refsource_EXPLOIT-DB

EPSS Score

78% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.