1 results (0.002 seconds)

CVSS: 7.5EPSS: 95%CPEs: 5EXPL: 1

Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request. Vulnerabilidad de cruce de directorios en la interfaz web del dispositivo DW-116 con firmware en versiones anteriores a V1.05b09 permite a los atacantes remotos leer archivos arbitrarios a través de un punto en una solicitud "GET/uir/". Multiple D-Link router models suffer from code execution, plain-text password storage, and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/41840 http://www.securityfocus.com/bid/97620 https://cxsecurity.com/blad/WLB-2017040033 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •