N/A

Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.

N/A

N/A

多款D-Link产品路径遍历漏洞

D-Link DWR-116等都是友讯（D-Link）公司的无线路由器产品。 多款D-Link产品中的Web界面存在目录遍历漏洞。远程攻击者可通过将/..或//放置在‘GET /uir’之后并发送HTTP请求利用该漏洞读取任意文件。以下产品和版本受到影响：D-Link DWR-116 1.06及之前版本；DIR-140L 1.02及之前版本；DIR-640L 1.02及之前版本；DWR-512 2.02及之前版本；DWR-712 2.02及之前版本；DWR-912 2.02及之前版本；DWR-921 2.

N/A

N/A