漏洞标题
N/A
漏洞描述信息
在一个D-Link DAP-1360修订F设备上发现了一个问题。未经授权的远程攻击者可以通过未记录的HTTP请求启动telnet服务。尽管这是主要漏洞,但影响取决于固件版本。测试了版本609EU到613EUbeta。到6.12b01版本的固件具有弱root认证,允许攻击者获得远程root访问。在6.12b01之后,root认证信息被更改,但telnet服务仍然可以在没有授权的情况下启动。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
D-Link DAP-136 访问控制错误漏洞
漏洞描述信息
D-Link DAP-136是中国台湾友讯(D-Link)公司的一款无线网络信号扩展器。 使用v6.13EUb01及之前版本固件的D-Link DAP-1360(全部的Fx硬件版本)中存在安全漏洞。攻击者可利用该漏洞未经授权启动远程终端协议守护进程。
CVSS信息
N/A
漏洞类别
授权问题