Lucene search

[email protected]CVE-2017-9100

HistoryMay 21, 2017 - 4:29 a.m.

CVE-2017-9100

2017-05-2104:29:00

CWE-287

[email protected]

web.nvd.nist.gov

d-link

dir-600m

authentication bypass

cve-2017-9100

firmware 3.04

nvd

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

8.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

0.319 Low

EPSS

Percentile

97.0%

JSON

login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.

Affected configurations

NVD

Node

dlinkdir-600m_firmwareMatch3.04

AND

dlinkdir-600mMatch-

CPENameOperatorVersion
dlink:dir-600m_firmwaredlink dir-600m firmwareeq3.04

CPE	Name	Operator	Version
dlink:dir-600m_firmware	dlink dir-600m firmware	eq	3.04

References

touhidshaikh.com/blog/poc/d-link-dir600-auth-bypass/

www.exploit-db.com/exploits/42039/

www.youtube.com/watch?v=waIJKWCpyNQ

Social References

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

8.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

0.319 Low

EPSS

Percentile

97.0%

JSON

Related for CVE-2017-9100

prion1 nvd1 cvelist1