ID
VAR-E-201309-0010
TITLE
D-Link DIR-505 Router Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
D-Link DIR-505 router is prone to the following security vulnerabilities:
1. A command-injection vulnerability
2. A file encryption weakness
3. A directory-traversal vulnerability
4. An arbitrary file-upload vulnerability
5. Multiple authentication bypass vulnerabilities
An attacker can exploit these issues to gain access to potentially sensitive information, execute arbitrary commands in the context of the affected device, upload arbitrary files and bypass certain security restrictions to perform unauthorized actions. Other attacks are also possible.
D-Link DIR-505 running firmware versions 1.06 and prior are vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | d link | model: | dir-505 | scope: | eq | version: | 1.06 | Trust: 0.3 |
| vendor: | d link | model: | dir-505 | scope: | ne | version: | 1.07 | Trust: 0.3 |
EXPLOIT
An attacker can exploit these issues through readily available tools and a browser.
The researcher has created a proof-of-concept code. Please see the references for more information.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
Alessandro Di Pinto
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 62283 | Trust: 0.3 |
REFERENCES
| url: | http://seclists.org/bugtraq/2013/sep/30 | Trust: 0.3 |
| url: | http://www.dlink.com/ | Trust: 0.3 |
| url: | http://www.dlink.co.in/products/?pid=584 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 62283 |
LAST UPDATE DATE
2022-07-27T09:12:03.720000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 62283 | date: | 2013-09-09T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 62283 | date: | 2013-09-09T00:00:00 |