CVE-2017-9675
high
CVSS v3
7.5
CVSS v4
-
VIR risk
8.5
Description
On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot.
Predictions
Exploit likelihood
83%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory (cve@mitre.org): ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-605L/REVB/DIR-605L_REVB_RELEASE_NOTES_v2.08UIBETAB01_EN.pdf
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
D-Link DIR-605L < 2.08 - Denial of Service
References
- ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-605L/REVB/DIR-605L_REVB_RELEASE_NOTES_v2.08UIBETAB01_EN.pdf
- http://www.securityfocus.com/bid/99084
- https://www.exploit-db.com/exploits/43147/
CWEs
CWE-20