Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-12943 — Path Traversal in Dlink Dir-600 B1 Firmware

CWE-22 — Path Traversal4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

81.8%

top 0.80%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Dlink Dir-600 B1 Firmware

Timeline

PublishedAug 18

Latest updateMay 17

Description

D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDdlink/dir-600_b1_firmware2.01

🔴Vulnerability Details

GHSA

GHSA-qxq5-xjp7-p3f2: D-Link DIR-600 Rev Bx devices with v2↗2022-05-17

▶

CVEList

CVE-2017-12943: D-Link DIR-600 Rev Bx devices with v2↗2017-08-18

▶

💥Exploits & PoCs

Exploit-DB

D-Link DIR-600 - Authentication Bypass↗2017-08-29

▶