CVE-2017-9100

CWE-287Improper Authentication8 documents6 sources
Severity
8.8HIGH
EPSS
5.8%
top 9.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-600m Firmware
Timeline
PublishedMay 21
Latest updateAug 29

Description

login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

3
OSV
lame vulnerabilities2022-08-29
GHSA
GHSA-5957-rq48-hh79: login2022-05-13
CVEList
CVE-2017-9100: login2017-05-21

📋Vendor Advisories

1
Red Hat
lame: Multiple vulnerabilities2015-02-05

💬Community

1
Bugzilla
CVE-2015-9099 CVE-2015-9100 CVE-2017-11720 CVE-2017-13712 CVE-2017-15018 CVE-2017-15019 CVE-2017-15045 CVE-2017-15046 CVE-2017-9410 CVE-2017-9411 CVE-2017-9412 CVE-2017-8419 lame: Multiple vulnerabili2017-07-12
CVE-2017-9100 (HIGH CVSS 8.8) | login.cgi on D-Link DIR-600M device | cvebase.io