no one is safe ...

Advisory

Multiple Vulnerabilities in D-Link DSL-320B

Posted Mon, 2013-05-06 11:42 by m1k3

Device: DSL-320B

Firmware Version: EU_DSL-320B v1.23 date: 28.12.2010

Vendor URL: http://www.dlink.com/de/de/home-solutions/connect/modems-and-gateways/ds...

============ Vulnerability Overview: ============

  • Access to the Config file without authentication => full authentication bypass possible!: (1)

Request:

192.168.178.111/config.bin

Response

=======

Multiple Vulnerabilities in D'Link DIR-635

Posted Thu, 2013-04-25 08:36 by m1k3

Device Name: DIR-635
Vendor: D-Link

============ Vulnerable Firmware Releases: ============

Firmwareversion: 2.34EU
Hardware-Version: B1
Produktseite: DIR-635

============ Vulnerability Overview: ============

  • Stored XSS -> Status - WLAN -> SSID

Multiple Vulnerabilities in D'Link DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A

Posted Mon, 2013-04-22 16:59 by m1k3

Device Name: DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A
Vendor: D-Link

============ Device Description: ============

DIR-300: http://www.dlink.com/de/de/home-solutions/connect/routers/dir-300-wirele...
DIR-615: http://www.dlink.com/de/de/support/product/dir-615-wireless-n-300-router...

============ Vulnerable Firmware Releases - DIR-615: ============

Tested Firmware Version : 4.13

============ Vulnerable Firmware Releases - DIR-300: ============

Multiple Vulnerabilities in D-Link devices

Posted Fri, 2013-04-05 14:55 by m1k3

Device Name: DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110
Vendor: D-Link

============ Vulnerable Firmware Releases: ============

DIR-815 v1.03b02 (unauthenticated command injection)
DIR-645 v1.02 (unauthenticated command injection)
DIR-645 v1.03 (authenticated command injection)
DIR-600 below v2.16b01 (with v2.16b01 D-Link also fixes different vulnerabilities reported in M1ADV2013-003)
DIR-300 revB v2.13b01 (unauthenticated command injection)
DIR-300 revB v2.14b01 (authenticated command injection)
DIR-412 Ver 1.14WWB02 (unauthenticated command injection)
DIR-456U Ver 1.00ONG (unauthenticated command injection)
DIR-110 Ver 1.01 (unauthenticated command injection)

Possible other versions and devices are also affected by this vulnerability.

Multiple Vulnerabilities in Netgear DGN2200B

Posted Fri, 2013-02-15 08:44 by m1k3

Device Name: DGN2200B
Vendor: Netgear

============ Vulnerable Firmware Releases: ============

Hardwareversion DGN2200B
Firmwareversion V1.0.0.36_7.0.36 - 04/01/2011
GUI Sprachversion: V1.0.0.25

============ Device Description: ============

Infos: http://www.netgear.com/home/products/wirelessrouters/work-and-play/dgn22...
http://www.netgear.de/products/home/wireless_routers/work-and-play/DGN22...

Firmware download: http://kb.netgear.com/app/answers/detail/a_id/18990/~/dgn2200%2Fdgn2200b...