Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-6190

CWE-22Path Traversal5 documents4 sources
Severity
7.5HIGH
EPSS
62.4%
top 1.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Dlink Dwr-116 Firmware
Timeline
PublishedApr 10
Latest updateMay 17

Description

Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDdlink/dwr-116_firmwarev1.00\(cp\)b10, v1.01\(eu\), v1.05\(au\)+2

🔴Vulnerability Details

2
GHSA
GHSA-cc95-94rx-4f96: Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V12022-05-17
CVEList
CVE-2017-6190: Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V12017-04-10

💥Exploits & PoCs

2
Exploit-DB
D-Link Routers - Directory Traversal2018-10-12
Exploit-DB
D-Link DWR-116 / DWR-116A1 - Arbitrary File Download2017-04-07
CVE-2017-6190 (HIGH CVSS 7.5) | Directory traversal vulnerability i | cvebase.io