| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201201251447.q0PElcgP010813@sf01web3.securityfocus.com> Date: Wed, 25 Jan 2012 14:47:38 GMT From: robkraus@...tionary.com To: bugtraq@...urityfocus.com Subject: D-Link DIR-601 TFTP Directory Traversal Vulnerability Vulnerability title: D-Link DIR-601 TFTP Directory Traversal Vulnerability CVSS Risk Rating: 7.8 (High) Product: D-Link DIR-601 Wireless N 150 Home Router Application Vendor: D-Link Vendor URL: www.dlink.com Public disclosure date: 1/20/2012 Discovered by: Rob Kraus and Solutionary Engineering Research Team (SERT) Solutionary ID: SERT-VDN-1013 Solutionary public disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/D-Link_DIR-601.html Vulnerability Description: Default installation of the DIR-601 Wireless N 150 Home Router is susceptible to directory traversal attack. A attacker can exploit this vulnerability to retrieve files outside of the TFTP server root directory. The attack is performed against the TFTP server listening on the WAN interface and does not require prior authentication. At this time it appears the vulnerability allows read-only access to files. Affected software versions: Firmware Version 1.02NA Impact: A remote attacker may be able to leverage this vulnerability to gain access to system and other configuration files resulting in loss of confidentiality. Fixed in: Not Fixed Remediation guidelines: Disable TFTP server access and update the system should a patch become available from the vendor.
Powered by blists - more mailing lists