CVE-2017-12943

EPSS 39.2%

D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.

Affected products

n/a · n/a

public PoCs found — 4

githubgithub.com/aymankhalfatni/D-Link★ 0 githubgithub.com/d4rk30/CVE-2017-12943★ 0 cve_referencewww.exploit-db.com/exploits/42581/unverified exploitdbwww.exploit-db.com/exploits/42581unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jithindkurup.tumblr.com/post/165218785974/d-link-dir-600-authentication-bypass-absolute https://www.exploit-db.com/exploits/42581/https://www.youtube.com/watch?v=PeNOJORAQsQ