CVE-2017-9100

2017-05-2103:41:00

mitre

www.cve.org

9 High

AI Score

Confidence

High

0.319 Low

EPSS

Percentile

97.0%

JSON

login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.

References

touhidshaikh.com/blog/poc/d-link-dir600-auth-bypass/

www.exploit-db.com/exploits/42039/

www.youtube.com/watch?v=waIJKWCpyNQ