D-Link DIR-300L/600L Remote Command Execution

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote router is affected by a remote command execution
vulnerability.

Description :

The remote D-Link DIR router is affected by a remote command
execution vulnerability. An unauthenticated remote attacker can use
this vulnerability to execute operating system commands as root.

This vulnerability has been used by the IoT Reaper botnet.

See also :

http://www.s3cur1ty.de/m1adv2013-003
http://www.dlink.com/uk/en/support/security-advisory
http://www.nessus.org/u?197042fe

Solution :

Upgrade to the latest firmware version.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.5
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 104126

Bugtraq ID: 57734

CVE ID:
