Summary: D-Link DIR-655 Rev. C devices are prone to multiple vulnerabilities.
Detection Method: Checks if a vulnerable version is present on the target host.
Technical Details: The following vulnerabilities exist:
- The devices allow remote attackers to force a blank administrator password via
the apply_sec.cgi setup_wizard parameter.
- The devices allow remote attackers to execute arbitrary commands via
shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.
- The devices allow XSS via the /www/ping_response.cgi ping_ipaddr parameter,
the /www/ping6_response.cgi ping6_ipaddr parameter and
the /www/apply_sec.cgi html_response_return_page parameter.
- The devices allow CSRF against the entire management console, so any of the
requests above can be triggered from a page an authenticated administrator visits.
Impact: Successful exploitation would allow an attacker to gain complete control
over the target device.
Affected Versions: D-Link DIR-655 Rev. C devices through version 3.02B04.
Recommendations: Update to firmware version 3.02B05 or later.
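The detection method above is a version check: a host identified as a DIR-655 Rev. C is flagged when its reported firmware is older than 3.02B05. The following is an added illustration of that comparison, not code from the scanner or from D-Link. It assumes the device has already been identified as a Rev. C unit and that its firmware string has the form shown in the advisory (major.minor followed by an optional B-suffixed build number); the sample banners are constructed inputs, not captures from real hardware. An unparseable version is reported as "unknown" rather than "patched", so a malformed banner never hides an affected device.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed release named in the advisory; anything older is affected.
FIXED_VERSION = "3.02B05"

# Assumed format, e.g. "3.02B04", "3.02b02" or a bare "3.02"; an optional leading "v" is tolerated.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:[Bb](\d+))?\s*$")


def parse_dlink_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse a firmware string such as '3.02B04' into (major, minor, build).

    A missing build suffix is treated as build 0, so '3.02' sorts below '3.02B01'.
    Returns None for strings that do not look like a version at all.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, build = m.groups()
    return int(major), int(minor), int(build or 0)


def is_vulnerable(version_text: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if the version is older than the fixed release, False if fixed or newer.

    Returns None when the version cannot be parsed; callers must treat that as
    'unknown' and not as 'patched'.
    """
    observed = parse_dlink_version(version_text)
    fixed_tuple = parse_dlink_version(fixed)
    if observed is None or fixed_tuple is None:
        return None
    # Tuple comparison is lexicographic: major first, then minor, then build.
    return observed < fixed_tuple


# Constructed sample banners standing in for what a scanner would extract from the web UI.
SAMPLE_BANNERS: Dict[str, str] = {
    "router-a": "3.02B04",          # last affected build
    "router-b": "3.02B05",          # fixed release
    "router-c": "3.02b02",          # lowercase suffix still parses
    "router-d": "3.02",             # no build suffix: treated as build 0
    "router-e": "firmware unknown", # unparseable: must not be reported as patched
}


def triage(banners: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'vulnerable', 'patched' or 'unknown'."""
    labels = {True: "vulnerable", False: "patched", None: "unknown"}
    return {host: labels[is_vulnerable(banner)] for host, banner in banners.items()}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{host}: {verdict}")
```

A version banner alone does not prove the hardware revision; the check is only meaningful once the target has been confirmed as a Rev. C unit, since other revisions use separate firmware lines with their own numbering.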
Web application abuses