Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ptsecurityPositive TechnologiesPT-2011-29
HistoryOct 20, 2011 - 12:00 a.m.

PT-2011-29: Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300

2011-10-2000:00:00
Positive Technologies
4
JSON

PT-2011-29: Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300

Vulnerable software

Router management system for D-Link DIR-300

Severity level

Severity level: High
Impact: Random file reading, random code execution
Access Vector: Remote

CVSS v2:
Base Score: 10
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE: not assigned

Software description

A router management system for D-Link DIR-300.

Vulnerability description

Positive Research Center has discovered a vulnerability that allows one to obtain content of arbitrary files and execute arbitrary code.

How to fix

Update your software up to the latest version
Update link

Advisory status

09.09.2011 - Vendor is notified
09.09.2011 - Vendor gets vulnerability details
19.09.2011 - Vendor releases fixed version and details
20.10.2011 - Public disclosure

Credits

The vulnerability was detected by Sergey Scherbel, Positive Research Center (Positive Technologies Company)

References

<http://en.securitylab.ru/lab/PT-2011-29&gt;

Reports on the vulnerabilities previously discovered by Positive Research:

<http://www.ptsecurity.com/advisory1.aspx&gt;
<http://en.securitylab.ru/lab/&gt;

JSON