cvelistv5 - CVE-2017-6190

CVE-2017-6190 (GCVE-0-2017-6190)

Vulnerability from cvelistv5 – Published: 2017-04-10 14:00 – Updated: 2024-08-05 15:25

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://cxsecurity.com/blad/WLB-2017040033	x_refsource_MISC
	https://www.exploit-db.com/exploits/41840/	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/97620	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:25:47.733Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cxsecurity.com/blad/WLB-2017040033"
          },
          {
            "name": "41840",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41840/"
          },
          {
            "name": "97620",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97620"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a \"GET /uir/\" request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-15T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cxsecurity.com/blad/WLB-2017040033"
        },
        {
          "name": "41840",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41840/"
        },
        {
          "name": "97620",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97620"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-6190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a \"GET /uir/\" request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cxsecurity.com/blad/WLB-2017040033",
              "refsource": "MISC",
              "url": "https://cxsecurity.com/blad/WLB-2017040033"
            },
            {
              "name": "41840",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41840/"
            },
            {
              "name": "97620",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97620"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-6190",
    "datePublished": "2017-04-10T14:00:00",
    "dateReserved": "2017-02-22T00:00:00",
    "dateUpdated": "2024-08-05T15:25:47.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dwr-116_firmware:v1.00\\\\(cp\\\\)b10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9918BA28-87A2-4E0B-934B-C71304F80E93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dwr-116_firmware:v1.01\\\\(eu\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30FDCA01-94F1-4A75-AFF6-7B599A40EE0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dwr-116_firmware:v1.05\\\\(au\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BA655C3-0ED5-4558-A057-58C43A8F3946\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B307E277-9C31-4D69-B4E2-4FE28B2E2AE3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dwr-116a1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF10AB91-F202-4587-B8DE-27F5C3A1F06F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a \\\"GET /uir/\\\" request.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de cruce de directorios en la interfaz web del dispositivo DW-116 con firmware en versiones anteriores a V1.05b09 permite a los atacantes remotos leer archivos arbitrarios a trav\\u00e9s de un punto en una solicitud \\\"GET/uir/\\\".\"}]",
      "id": "CVE-2017-6190",
      "lastModified": "2024-11-21T03:29:13.253",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-04-10T14:59:00.263",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/97620\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://cxsecurity.com/blad/WLB-2017040033\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/41840/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/97620\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://cxsecurity.com/blad/WLB-2017040033\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/41840/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6190\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-04-10T14:59:00.263\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a \\\"GET /uir/\\\" request.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de cruce de directorios en la interfaz web del dispositivo DW-116 con firmware en versiones anteriores a V1.05b09 permite a los atacantes remotos leer archivos arbitrarios a trav\u00e9s de un punto en una solicitud \\\"GET/uir/\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dwr-116_firmware:v1.00\\\\(cp\\\\)b10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9918BA28-87A2-4E0B-934B-C71304F80E93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dwr-116_firmware:v1.01\\\\(eu\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30FDCA01-94F1-4A75-AFF6-7B599A40EE0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dwr-116_firmware:v1.05\\\\(au\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BA655C3-0ED5-4558-A057-58C43A8F3946\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B307E277-9C31-4D69-B4E2-4FE28B2E2AE3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dwr-116a1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF10AB91-F202-4587-B8DE-27F5C3A1F06F\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/97620\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://cxsecurity.com/blad/WLB-2017040033\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41840/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/97620\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cxsecurity.com/blad/WLB-2017040033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41840/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-CC95-94RX-4F96

Vulnerability from github – Published: 2022-05-17 02:12 – Updated: 2025-04-20 03:35

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-10T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a \"GET /uir/\" request.",
  "id": "GHSA-cc95-94rx-4f96",
  "modified": "2025-04-20T03:35:43Z",
  "published": "2022-05-17T02:12:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6190"
    },
    {
      "type": "WEB",
      "url": "https://cxsecurity.com/blad/WLB-2017040033"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41840"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97620"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-05589

Vulnerability from cnvd - Published: 2017-04-28

Title

D-Link DWR-116任意文件下载漏洞

Description

DWR-116是D-Link推出的无线N300多WAN路由器。 D-Link DWR-116的Web界面存在任意文件下载漏洞，远程攻击者可通过"GET /uir/"请求中的..（双点）读取任意文件。

Severity

中

Patch Name

D-Link DWR-116任意文件下载漏洞的补丁

Patch Description

DWR-116是D-Link推出的无线N300多WAN路由器。 D-Link DWR-116的Web界面存在任意文件下载漏洞，远程攻击者可通过"GET /uir/"请求中的..（双点）读取任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://seclists.org/bugtraq/2017/Apr/28

Reference

http://seclists.org/bugtraq/2017/Apr/28 https://cxsecurity.com/blad/WLB-2017040033

Impacted products

Name
['D-Link DWR-116 1.05(AU)', 'D-Link DWR-116 1.01(EU)', 'D-Link DWR-116 1.00(CP)b10']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97620"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6190"
    }
  },
  "description": "DWR-116\u662fD-Link\u63a8\u51fa\u7684\u65e0\u7ebfN300\u591aWAN\u8def\u7531\u5668\u3002\r\n\r\nD-Link DWR-116\u7684Web\u754c\u9762\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0b\u8f7d\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\"GET /uir/\"\u8bf7\u6c42\u4e2d\u7684..\uff08\u53cc\u70b9\uff09\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Patryk Bogdan",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://seclists.org/bugtraq/2017/Apr/28",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05589",
  "openTime": "2017-04-28",
  "patchDescription": "DWR-116\u662fD-Link\u63a8\u51fa\u7684\u65e0\u7ebfN300\u591aWAN\u8def\u7531\u5668\u3002\r\n\r\nD-Link DWR-116\u7684Web\u754c\u9762\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0b\u8f7d\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\"GET /uir/\"\u8bf7\u6c42\u4e2d\u7684..\uff08\u53cc\u70b9\uff09\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "D-Link DWR-116\u4efb\u610f\u6587\u4ef6\u4e0b\u8f7d\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "D-Link DWR-116 1.05(AU)",
      "D-Link DWR-116  1.01(EU)",
      "D-Link DWR-116  1.00(CP)b10"
    ]
  },
  "referenceLink": "http://seclists.org/bugtraq/2017/Apr/28\r\nhttps://cxsecurity.com/blad/WLB-2017040033",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-11",
  "title": "D-Link DWR-116\u4efb\u610f\u6587\u4ef6\u4e0b\u8f7d\u6f0f\u6d1e"
}

GSD-2017-6190

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6190

Aliases

CVE-2017-6190

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6190",
    "description": "Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a \"GET /uir/\" request.",
    "id": "GSD-2017-6190",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2017-6190"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6190"
      ],
      "details": "Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a \"GET /uir/\" request.",
      "id": "GSD-2017-6190",
      "modified": "2023-12-13T01:21:10.012648Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-6190",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a \"GET /uir/\" request."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cxsecurity.com/blad/WLB-2017040033",
            "refsource": "MISC",
            "url": "https://cxsecurity.com/blad/WLB-2017040033"
          },
          {
            "name": "41840",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/41840/"
          },
          {
            "name": "97620",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97620"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dwr-116_firmware:v1.01\\(eu\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dwr-116_firmware:v1.00\\(cp\\)b10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dwr-116_firmware:v1.05\\(au\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwr-116a1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-6190"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a \"GET /uir/\" request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cxsecurity.com/blad/WLB-2017040033",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://cxsecurity.com/blad/WLB-2017040033"
            },
            {
              "name": "97620",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/97620"
            },
            {
              "name": "41840",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/41840/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-08-16T01:29Z",
      "publishedDate": "2017-04-10T14:59Z"
    }
  }
}

VAR-201704-1225

Vulnerability from variot - Updated: 2023-12-18 12:04

Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request. The DWR-116 is a wireless N300 multi-WAN router from D-Link. (double point) in the \"GET/uir/\" request. D-Link DWR-116 is prone to an arbitrary-file-download vulnerability. An attacker can exploit this issue to download arbitrary files from the device filesystem and obtain potentially sensitive information.

NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.

PoC: aaaaa a $ curl http://routerip/uir//etc/passwd aaaaa

The vulnerability can be used retrieve administrative password using the other disclosed vulnerability - CVE-2018-10824

This vulnerability was reported previously by Patryk Bogdan in CVE-2017-6190 but he reported it is fixed in certain release but unfortunately it is still present in even newer releases. The vulnerability is also present in other D-Link routers and can be exploited not only (as the original author stated) by double dot but also absolutely using double slash.

2 Password stored in plaintext in several series of D-Link routers aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

CVE: CVE-2018-10824

An issue was discovered on D-Link routers: aC/ DWR-116 through 1.06, aC/ DIR-140L through 1.02, aC/ DIR-640L through 1.02, aC/ DWR-512 through 2.02, aC/ DWR-712 through 2.02, aC/ DWR-912 through 2.02, aC/ DWR-921 through 2.02, aC/ DWR-111 through 1.01, aC/ and probably others with the same type of firmware.

NOTE: I have changed the filename in description to XXX because the vendor leaves some EOL routers unpatched and the attack is too simple.

The administrative password is stored in plaintext in the /tmp/XXX/0 file.

PoC using the directory traversal vulnerability disclosed at the same time - CVE-2018-10822

aaaaa a $ curl http://routerip/uir//tmp/XXX/0 aaaaa

This command returns a binary config file which contains admin username and password as well as many other router configuration settings.

3 Shell command injection in httpd server of a several series of D-Link routers aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaa

CVE: CVE-2018-10823

CVSS v3: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

An issue was discovered on D-Link routers: aC/ DWR-116 through 1.06, aC/ DWR-512 through 2.02, aC/ DWR-712 through 2.02, aC/ DWR-912 through 2.02, aC/ DWR-921 through 2.02, aC/ DWR-111 through 1.01, aC/ and probably others with the same type of firmware.

An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.

PoC: 1. 2. Request the following URL after login: aaaaa a $ curl http://routerip/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20 %2Fetc%2Fpasswd aaaaa 3. See the passwd file contents in the response.

4 Exploiting all together aaaaaaaaaaaaaaaaaaaaaaaaa

CVSS v3: 10 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Taking all the three together it is easy to gain full router control including arbitrary code execution.

Description with video: [http://sploit.tech/2018/10/12/D-Link.html]

5 Timeline aaaaaaaaaa

aC/ 09.05.2018 - vendor notified aC/ 06.06.2018 - asked vendor about the status because of long vendor response aC/ 22.06.2018 - received a reply that a patch will be released for DWR-116 and DWR-111, for the other devices which are EOL an announcement will be released aC/ 09.09.2018 - still no reply from vendor about the patches or announcement, I have warned the vendor that if I will not get a reply in a month I will publish the disclosure aC/ 12.10.2018 - disclosing the vulnerabilities

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-1225",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dwr-116",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dlink",
        "version": "v1.05\\(au\\)"
      },
      {
        "model": "dwr-116",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dlink",
        "version": "v1.01\\(eu\\)"
      },
      {
        "model": "dwr-116",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dlink",
        "version": "v1.00\\(cp\\)b10"
      },
      {
        "model": "dwr-116 1.05",
        "scope": null,
        "trust": 0.9,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dwr-116 1.01",
        "scope": null,
        "trust": 0.9,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dwr-116 1.00 b10",
        "scope": null,
        "trust": 0.9,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dwr-116",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.05b09"
      },
      {
        "model": "dwr-116 1.05b09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05589"
      },
      {
        "db": "BID",
        "id": "97620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003082"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-490"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dwr-116_firmware:v1.01\\(eu\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dwr-116_firmware:v1.00\\(cp\\)b10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dwr-116_firmware:v1.05\\(au\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwr-116a1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6190"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Patryk Bogdan",
    "sources": [
      {
        "db": "BID",
        "id": "97620"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6190",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-6190",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-05589",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-114393",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6190",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6190",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-05589",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-490",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114393",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05589"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114393"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003082"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-490"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a \"GET /uir/\" request. The DWR-116 is a wireless N300 multi-WAN router from D-Link. (double point) in the \\\"GET/uir/\\\" request. D-Link DWR-116 is prone to an arbitrary-file-download vulnerability. \nAn attacker can exploit this issue to download arbitrary files from the device filesystem and obtain potentially sensitive information. \n\n  NOTE: this vulnerability exists because of an incorrect fix for\n  CVE-2017-6190. \n\n  PoC:\n  aaaaa\n  a $ curl http://routerip/uir//etc/passwd\n  aaaaa\n\n  The vulnerability can be used retrieve administrative password using\n  the other disclosed vulnerability - CVE-2018-10824\n\n  This vulnerability was reported previously by Patryk Bogdan in\n  CVE-2017-6190 but he reported it is fixed in certain release but\n  unfortunately it is still present in even newer releases. The\n  vulnerability is also present in other D-Link routers and can be\n  exploited not only (as the original author stated) by double dot but\n  also absolutely using double slash. \n\n\n2 Password stored in plaintext in several series of D-Link routers\naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\n\n  CVE: CVE-2018-10824\n\n  An issue was discovered on D-Link routers:\n  aC/ DWR-116 through 1.06,\n  aC/ DIR-140L through 1.02,\n  aC/ DIR-640L through 1.02,\n  aC/ DWR-512 through 2.02,\n  aC/ DWR-712 through 2.02,\n  aC/ DWR-912 through 2.02,\n  aC/ DWR-921 through 2.02,\n  aC/ DWR-111 through 1.01,\n  aC/ and probably others with the same type of firmware. \n\n  NOTE: I have changed the filename in description to XXX because the\n  vendor leaves some EOL routers unpatched and the attack is too\nsimple. \n\n  The administrative password is stored in plaintext in the /tmp/XXX/0\n  file. \n\n  PoC using the directory traversal vulnerability disclosed at the same\n  time - CVE-2018-10822\n\n  aaaaa\n  a $ curl http://routerip/uir//tmp/XXX/0\n  aaaaa\n\n  This command returns a binary config file which contains admin\n  username and password as well as many other router configuration\n  settings. \n\n\n3 Shell command injection in httpd server of a several series of D-Link \nrouters\naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\naaaaaaaa\n\n  CVE: CVE-2018-10823\n\n  CVSS v3: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\n  An issue was discovered on D-Link routers:\n  aC/ DWR-116 through 1.06,\n  aC/ DWR-512 through 2.02,\n  aC/ DWR-712 through 2.02,\n  aC/ DWR-912 through 2.02,\n  aC/ DWR-921 through 2.02,\n  aC/ DWR-111 through 1.01,\n  aC/ and probably others with the same type of firmware. \n\n  An authenticated attacker may execute arbitrary code by injecting the\n  shell command into the chkisg.htm page Sip parameter. This allows for\n  full control over the device internals. \n\n  PoC:\n  1. \n  2. Request the following URL after login:\n     aaaaa\n     a $ curl http://routerip/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20\n%2Fetc%2Fpasswd\n     aaaaa\n  3. See the passwd file contents in the response. \n\n\n4 Exploiting all together\naaaaaaaaaaaaaaaaaaaaaaaaa\n\n  CVSS v3: 10 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n  Taking all the three together it is easy to gain full router control\n  including arbitrary code execution. \n\n  Description with video: [http://sploit.tech/2018/10/12/D-Link.html]\n\n\n5 Timeline\naaaaaaaaaa\n\n  aC/ 09.05.2018 - vendor notified\n  aC/ 06.06.2018 - asked vendor about the status because of long vendor\n    response\n  aC/ 22.06.2018 - received a reply that a patch will be released for\n    DWR-116 and DWR-111, for the other devices which are EOL an\n    announcement will be released\n  aC/ 09.09.2018 - still no reply from vendor about the patches or\n    announcement, I have warned the vendor that if I will not get a\n    reply in a month I will publish the disclosure\n  aC/ 12.10.2018 - disclosing the vulnerabilities\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003082"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05589"
      },
      {
        "db": "BID",
        "id": "97620"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114393"
      },
      {
        "db": "PACKETSTORM",
        "id": "149844"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-114393",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114393"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6190",
        "trust": 3.5
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2017040033",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "97620",
        "trust": 2.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "41840",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003082",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-490",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05589",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "149844",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "142052",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-114393",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05589"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114393"
      },
      {
        "db": "BID",
        "id": "97620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003082"
      },
      {
        "db": "PACKETSTORM",
        "id": "149844"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-490"
      }
    ]
  },
  "id": "VAR-201704-1225",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05589"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114393"
      }
    ],
    "trust": 1.396428565
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05589"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:04:12.771000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Wireless N300 Multi-WAN Router DWR-116",
        "trust": 0.8,
        "url": "http://www.dlink.com/uk/en/products/dwr-116-wireless-n300-multi-wan-router"
      },
      {
        "title": "D-LinkDWR-116 patch for arbitrary file download vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/92924"
      },
      {
        "title": "D-Link DWR-116 Web interface Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70141"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05589"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003082"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-490"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114393"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003082"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6190"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://cxsecurity.com/blad/wlb-2017040033"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/97620"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/41840/"
      },
      {
        "trust": 0.9,
        "url": "http://seclists.org/bugtraq/2017/apr/28"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6190"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6190"
      },
      {
        "trust": 0.3,
        "url": "http://www.d-link.com"
      },
      {
        "trust": 0.1,
        "url": "http://routerip/uir//tmp/xxx/0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10822"
      },
      {
        "trust": 0.1,
        "url": "http://sploit.tech/"
      },
      {
        "trust": 0.1,
        "url": "http://routerip/uir//etc/passwd"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10824"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10823"
      },
      {
        "trust": 0.1,
        "url": "http://sploit.tech/2018/10/12/d-link.html]"
      },
      {
        "trust": 0.1,
        "url": "http://routerip/chkisg.htm%3fsip%3d1.1.1.1%20%7c%20cat%20"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05589"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114393"
      },
      {
        "db": "BID",
        "id": "97620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003082"
      },
      {
        "db": "PACKETSTORM",
        "id": "149844"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-490"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05589"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114393"
      },
      {
        "db": "BID",
        "id": "97620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003082"
      },
      {
        "db": "PACKETSTORM",
        "id": "149844"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-490"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05589"
      },
      {
        "date": "2017-04-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114393"
      },
      {
        "date": "2017-04-07T00:00:00",
        "db": "BID",
        "id": "97620"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003082"
      },
      {
        "date": "2018-10-18T03:47:09",
        "db": "PACKETSTORM",
        "id": "149844"
      },
      {
        "date": "2017-04-10T14:59:00.263000",
        "db": "NVD",
        "id": "CVE-2017-6190"
      },
      {
        "date": "2017-04-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-490"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05589"
      },
      {
        "date": "2017-08-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114393"
      },
      {
        "date": "2017-04-18T00:06:00",
        "db": "BID",
        "id": "97620"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003082"
      },
      {
        "date": "2017-08-16T01:29:19.133000",
        "db": "NVD",
        "id": "CVE-2017-6190"
      },
      {
        "date": "2017-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-490"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-490"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DWR-116 Device firmware  Web Directory traversal vulnerability in the interface",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003082"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-490"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-6190

Vulnerability from fkie_nvd - Published: 2017-04-10 14:59 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/97620
cve@mitre.org	https://cxsecurity.com/blad/WLB-2017040033	Third Party Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/41840/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97620
af854a3a-2127-422b-91ae-364da2661108	https://cxsecurity.com/blad/WLB-2017040033	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41840/

Impacted products

Vendor	Product	Version
dlink	dwr-116_firmware	v1.00$cp$b10
dlink	dwr-116_firmware	v1.01$eu$
dlink	dwr-116_firmware	v1.05$au$
dlink	dwr-116	-
dlink	dwr-116a1	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dwr-116_firmware:v1.00\\(cp\\)b10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9918BA28-87A2-4E0B-934B-C71304F80E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dwr-116_firmware:v1.01\\(eu\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "30FDCA01-94F1-4A75-AFF6-7B599A40EE0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dwr-116_firmware:v1.05\\(au\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA655C3-0ED5-4558-A057-58C43A8F3946",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B307E277-9C31-4D69-B4E2-4FE28B2E2AE3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:dlink:dwr-116a1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF10AB91-F202-4587-B8DE-27F5C3A1F06F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a \"GET /uir/\" request."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de cruce de directorios en la interfaz web del dispositivo DW-116 con firmware en versiones anteriores a V1.05b09 permite a los atacantes remotos leer archivos arbitrarios a trav\u00e9s de un punto en una solicitud \"GET/uir/\"."
    }
  ],
  "id": "CVE-2017-6190",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-10T14:59:00.263",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/97620"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/blad/WLB-2017040033"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/41840/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/97620"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/blad/WLB-2017040033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/41840/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Vendor	Product	Version
dlink	dwr-116_firmware	v1.00\(cp\)b10
dlink	dwr-116_firmware	v1.01\(eu\)
dlink	dwr-116_firmware	v1.05\(au\)
dlink	dwr-116	-
dlink	dwr-116a1	-

Action not permitted

CVE-2017-6190 (GCVE-0-2017-6190)

GHSA-CC95-94RX-4F96

CNVD-2017-05589

GSD-2017-6190

VAR-201704-1225

FKIE_CVE-2017-6190

Tags

Sightings

Nomenclature