D-Link DIR-100 Security Vulnerabilities

8 Vulnerabilities
Description

D-Link DIR-100 4.03B07 has PPTP and poe information disclosure

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2013-7055, Last Modified: 2020-02-04T14:24:00Z

References

Advisory

D-Link DIR-100 4.03B07: cli.cgi XSS

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2013-7054, Last Modified: 2020-02-04T14:24:00Z

References

Advisory

D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2013-7052, Last Modified: 2020-02-04T14:24:00Z

References

Advisory

D-Link DIR-100 4.03B07: cli.cgi CSRF

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2013-7053, Last Modified: 2020-02-04T14:24:00Z

References

Advisory

D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2013-7051, Last Modified: 2020-02-04T14:24:00Z

References

Advisory

The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.

Impacted versions: 1.02, 1.12

Base Score: 4.3, Severity: MEDIUM, ID: CVE-2008-4133, Last Modified: 2018-10-11T20:51:00Z

References

Vendor Advisory

Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.

Impacted versions: -

Base Score: 8.5, Severity: HIGH, ID: CVE-2013-6027, Last Modified: 2013-10-21T16:50:00Z

References

Exploit US Government Resource

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.

Impacted versions: -

Base Score: 10.0, Severity: HIGH, ID: CVE-2013-6026, Last Modified: 2013-10-21T16:40:00Z

References

Exploit US Government Resource