VYPR

Dir 600m Firmware

by Dlink

CVEs (3)

  • CVE-2017-9100HigMay 21, 2017
    risk 0.64cvss 8.8epss 0.85

    login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.

  • CVE-2017-5874HigMar 22, 2017
    risk 0.57cvss 8.8epss 0.01

    CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact.

  • CVE-2017-10676MedJul 20, 2017
    risk 0.40cvss 6.1epss 0.01

    On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.