An issue was discovered on D-Link DIR-601 2.02NA devices. An attacker
who is local to the network and has access to only a "User" account
(a low-privilege account) can intercept the response to a POST request
and obtain "Admin" rights, because the admin password is displayed
in XML.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[VulnerabilityType Other]
Privilege Escalation
------------------------------------------
[Vendor of Product]
D-Link
------------------------------------------
[Affected Product Code Base]
DIR-601 - 2.02NA
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Kevin Randall
D-Link DIR-601 2.02NA Privilege Escalation
- Written by: khalil shreateh