CVE-2017-9100

CVE-2017-9100

EPSS 85.5%

login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/42039/https://www.youtube.com/watch?v=waIJKWCpyNQ http://touhidshaikh.com/blog/poc/d-link-dir600-auth-bypass/