Authentication flaw

2017-05-2104:29:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.319 Low

EPSS

Percentile

97.0%

JSON

login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.

CPENameOperatorVersion
dir-600m_firmwareeq3.04

CPE	Name	Operator	Version
	dir-600m_firmware	eq	3.04

References

touhidshaikh.com/blog/poc/d-link-dir600-auth-bypass/

www.exploit-db.com/exploits/42039/

www.youtube.com/watch?v=waIJKWCpyNQ