CVE-2017-6190 – D-Link DWR-116 / DWR-116A1 - Arbitrary File Download

https://notcve.org/view.php?id=CVE-2017-6190

Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request. Vulnerabilidad de cruce de directorios en la interfaz web del dispositivo DW-116 con firmware en versiones anteriores a V1.05b09 permite a los atacantes remotos leer archivos arbitrarios a través de un punto en una solicitud "GET/uir/". Multiple D-Link router models suffer from code execution, plain-text password storage, and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/41840 http://www.securityfocus.com/bid/97620 https://cxsecurity.com/blad/WLB-2017040033 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •