D-Link DIR-100 Security Bypass Vulnerability
BID:31050
Info
D-Link DIR-100 Security Bypass Vulnerability
| Bugtraq ID: | 31050 |
| Class: | Design Error |
| CVE: |
CVE-2008-4133 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 08 2008 12:00AM |
| Updated: | Apr 16 2015 05:54PM |
| Credit: | Marc Ruef |
| Vulnerable: |
D-Link DIR-100 1.12 |
| Not Vulnerable: | |
Discussion
D-Link DIR-100 Security Bypass Vulnerability
D-Link DIR-100 is affected by a vulnerability that allows attackers to bypass security restrictions and access sites that are blocked by an administrator.
D-Link DIR-100 devices with firmware 1.12 are vulnerable; other versions may be affected as well.
D-Link DIR-100 is affected by a vulnerability that allows attackers to bypass security restrictions and access sites that are blocked by an administrator.
D-Link DIR-100 devices with firmware 1.12 are vulnerable; other versions may be affected as well.
Exploit / POC
D-Link DIR-100 Security Bypass Vulnerability
An attacker can carry out this attack using a browser.
The following example URI is available:
http://www.example.com/?foo=aaa(...)
An attacker can carry out this attack using a browser.
The following example URI is available:
http://www.example.com/?foo=aaa(...)
Solution / Fix
D-Link DIR-100 Security Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
D-Link DIR-100 Security Bypass Vulnerability
References:
References:
- DIR-100 Product Page (D-Link)
- [scip_Advisory 3808] D-Link DIR-100 long url filter evasion (Marc Ruef