N/A

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).

N/A

N/A

多款D-Link产品访问控制错误漏洞

D-Link DIR-816是中国台湾友讯（D-Link）公司的一款无线路由器。 多款D-Link产品中存在访问控制错误漏洞，该漏洞源于mydlink功能的Web界面没有要求进行身份验证。远程攻击者可利用该漏洞获取用户的DNS查询日志和登录日志。以下产品受到影响：D-Link DIR-817LW (A1-1.04)；DIR-816L (B1-2.06)；DIR-816 (B1-2.06)；DIR-850L (A1-1.09)；DIR-868L (A1-1.10)。

N/A

N/A