D-Link DIR-601 version 2.02NA suffers from a privilege escalation vulnerability.
An issue was discovered on D-Link DIR-601 2.02NA devices. An attacker
who is local to the network and has access only to the "User" account
(a low-privilege account) can intercept the response from a POST
request and obtain "Admin" rights, because the admin password is
displayed in XML.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[VulnerabilityType Other]
Privilege Escalation
------------------------------------------
[Vendor of Product]
D-Link
------------------------------------------
[Affected Product Code Base]
DIR-601 - 2.02NA
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Kevin Randall
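
A defender-side regression check for the flaw described above, added here as an example and not taken from the advisory or from D-Link: it parses a response captured while logged in as the low-privilege "User" account and reports any non-empty credential-looking field. The advisory does not name the endpoint or the XML elements, so the element names and both sample responses are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Name patterns that suggest a credential. Assumed: the advisory gives no element names.
SENSITIVE = re.compile(r"passw(or)?d|pwd|secret", re.I)

def local(name):
    """Strip an XML namespace prefix: '{uri}tag' -> 'tag'."""
    return name.rsplit("}", 1)[-1]

def find_credential_fields(xml_text):
    """Return sorted paths of non-empty elements/attributes named like a credential.
    Only paths are returned, never values, so findings can be logged safely.
    ElementTree does not defend against entity-expansion input; feed it only
    captures from your own device, or parse with defusedxml instead."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return []  # body is not XML: nothing to report
    hits = []

    def walk(node, path):
        here = f"{path}/{local(node.tag)}"
        if SENSITIVE.search(local(node.tag)) and (node.text or "").strip():
            hits.append(here)
        for attr, value in node.attrib.items():
            if SENSITIVE.search(local(attr)) and value.strip():
                hits.append(f"{here}/@{local(attr)}")
        for child in node:
            walk(child, here)

    walk(root, "")
    return sorted(hits)

# Constructed sample: response to a "User" session that still carries the admin secret.
SAMPLE_LEAKY = """<response>
  <session role="user"/>
  <accounts>
    <admin_password>CONSTRUCTED-VALUE</admin_password>
    <user_password></user_password>
  </accounts>
</response>"""

# Constructed sample: the same response once the server stops returning the secret.
SAMPLE_FIXED = SAMPLE_LEAKY.replace("CONSTRUCTED-VALUE", "")

if __name__ == "__main__":
    for label, body in (("leaky", SAMPLE_LEAKY), ("fixed", SAMPLE_FIXED)):
        print(label, find_credential_fields(body))
```

Any non-empty result for a response served to a non-admin session means a secret is being sent to a client that should never receive it, regardless of what the web interface renders.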