D-Link DSL-6850U Multiple Vulnerabilities

03 Jan 2018 00:00:00 | Reported by SecuriTeam | Type: zdt | Source: 0day.today | 30 Views

Tags: D-Link DSL-6850U router vulnerabilities, D-Link DSL-6850U, Default Credentials, Remote Command Execution

Vulnerabilities Summary

The following advisory describes two vulnerabilities found in D-Link DSL-6850U firmware versions BZ_1.00.01 through BZ_1.00.09.

The D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel”. The vulnerabilities found are:

    Default Credentials
    Remote Command Execution
Credit

An independent security researcher reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor response

Bezeq was informed of the vulnerabilities on June 9 and has released patches addressing them.
Vulnerabilities details

The device has a custom firmware with the following issues:

    The Remote Web Management is enabled by default
    The default account cannot be disabled

Default Credentials

The default account username is: support

The password is: support
Remote Command Execution

The shell interface allows only a fixed set of commands; however, an allowed command can be chained to other commands using the ‘&&’ and ‘||’ operators.

Sending the following command to the shell:

    echo && /bin/bash

results in a BusyBox shell.
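To illustrate the class of filter defect behind this chaining bypass, here is an added example (not code from the advisory or from D-Link/Bezeq firmware) showing a restricted-shell command check in its weak and hardened forms. The allowlist contents, the function names `naive_is_allowed` and `strict_is_allowed`, and the sample inputs are all constructed assumptions; the one payload shown is the `echo && /bin/bash` string from the advisory above.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed allowlist of commands a restricted shell is meant to expose.
   Hypothetical: the real DSL-6850U command set is not given in the advisory. */
static const char *const ALLOWED[] = { "echo", "ping", "ifconfig", NULL };

/* Shell metacharacters that let one allowed command be chained to, piped
   into, or substituted with another. Any of them disqualifies the input. */
static const char META[] = "&|;`$()<>\n\r";

/* Weak check: only the first word is compared with the allowlist, so
   "echo && /bin/bash" passes because "echo" is an allowed command. */
bool naive_is_allowed(const char *line) {
    char first[32] = {0};
    size_t i = 0;
    while (*line == ' ') line++;
    while (*line && !isspace((unsigned char)*line) && i < sizeof first - 1)
        first[i++] = *line++;
    for (const char *const *a = ALLOWED; *a; a++)
        if (strcmp(first, *a) == 0) return true;
    return false;
}

/* Hardened check: reject every chaining/redirection metacharacter and any
   non-printable byte before the command name is even looked at, then apply
   the same allowlist to the first word. */
bool strict_is_allowed(const char *line) {
    if (strpbrk(line, META) != NULL) return false;
    for (const unsigned char *p = (const unsigned char *)line; *p; p++)
        if (*p < 0x20 || *p > 0x7e) return false;
    return naive_is_allowed(line);
}

int main(void) {
    /* Constructed sample inputs; the second one is the advisory's payload. */
    const char *samples[] = { "echo hello", "echo && /bin/bash", "ls -la" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s naive=%d strict=%d\n", samples[i],
               naive_is_allowed(samples[i]), strict_is_allowed(samples[i]));
    return 0;
}
```

The hardened variant still passes ordinary usage of the allowed commands, but it refuses the whole line as soon as an operator that could join a second command appears, which is the property a restricted management shell must have regardless of which commands it exposes.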


#  0day.today [2018-03-14]  #
