Full Disclosure mailing list archives
SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)
From: Maor Shwartz <maors () beyondsecurity com>
Date: Tue, 8 Aug 2017 13:34:45 +0300
*SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)* Link to full report: https://blogs.securiteam.com/index.php/archives/3364 Twitter account: @SecuriTeam_SSD *Vulnerabilities Summary*The following advisory describe three (3) vulnerabilities found in D-Link 850L router. The vulnerabilities have been reported as part of Hack2Win competition, for more information about Hack2Win – Hack2Win – https://blogs.securiteam.com/index.php/archives/3310. The vulnerabilities found in D-Link 850L are: Remote Command Execution via WAN and LAN Remote Unauthenticated Information Disclosure via WAN and LAN Unauthorized Remote Code Execution as root via LAN *Credit* The vulnerabilities were found by the following researchers, while participate in Beyond Security’s Hack2Win competition: Remote Command Execution via WAN and LAN: Zdenda Remote Unauthenticated Information Disclosure via WAN and LAN: Peter Geissler Unauthorized Remote Code Execution as root via LAN: Pierre Kim *Vendor response*The vendor has released patches to address this vulnerabilities (Firmware: 1.14B07 BETA). For more details: http://support.dlink.com/ProductInfo.aspx?m=DIR-850L -- Thanks Maor Shwartz GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest) – SecuriTeam Blogs.pdf
Description:
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest) Maor Shwartz (Aug 11)