Details of VAR-201406-0031

ID

VAR-201406-0031

CVE

CVE-2011-4821

TITLE

D-Link DIR-601 TFTP Server Directory Traversal Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2012-0378 // BID: 51659

DESCRIPTION

Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors. The D-Link DIR-601 is a wireless router device. The attacker performs the WAN interface monitored by the TFTP server without authentication. D-Link DIR-601 is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to gain access to system and other configuration files. D-Link DIR-601 1.02NA is vulnerable; other versions may be affected. ---------------------------------------------------------------------- SC Magazine awards the Secunia CSI a 5-Star rating Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296 ---------------------------------------------------------------------- TITLE: 2X ApplicationServer TuxSystem ActiveX Control "ExportSettings()" Insecure Method SECUNIA ADVISORY ID: SA47657 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47657/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47657 RELEASE DATE: 2012-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/47657/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47657/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47657 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Andrea Micalizzi has discovered a vulnerability in 2X ApplicationServer TuxSystem ActiveX Control, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to the TuxSystem ActiveX control (TuxScripting.dll) providing an insecure "ExportSettings()" method, which can be exploited to create or overwrite arbitrary files in the context of the currently logged-on user. The vulnerability is confirmed in version 10.1 Build 1224. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi (rgod) via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . SOLUTION: Disable the TFTP service

Trust: 2.7

sources: NVD: CVE-2011-4821 // JVNDB: JVNDB-2011-005336 // CNVD: CNVD-2012-0378 // BID: 51659 // VULHUB: VHN-52766 // PACKETSTORM: 109399 // PACKETSTORM: 109461

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-0378

AFFECTED PRODUCTS

vendor:	d link	model:	dir-601	scope:	eq	version:	1.02na	Trust: 1.4
vendor:	dlink	model:	dir-601	scope:	eq	version:	1.02na	Trust: 1.0
vendor:	dlink	model:	dir-601	scope:	eq	version:	-	Trust: 1.0
vendor:	d link	model:	dir-601 1.02na	scope:	-	version:	-	Trust: 0.9
vendor:	d link	model:	dir-601	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2012-0378 // BID: 51659 // JVNDB: JVNDB-2011-005336 // CNNVD: CNNVD-201202-012 // NVD: CVE-2011-4821

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4821
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-4821
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201202-012
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-52766
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-4821
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-52766
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-52766 // JVNDB: JVNDB-2011-005336 // CNNVD: CNNVD-201202-012 // NVD: CVE-2011-4821

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-52766 // JVNDB: JVNDB-2011-005336 // NVD: CVE-2011-4821

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-012

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201202-012

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005336

PATCH

title:	トップページ	url:	http://www.dlink-jp.com/	Trust: 0.8
title:	DIR-601	url:	http://www.dlink.com/us/en/home-solutions/connect/routers/dir-601-wireless-n-150-home-router	Trust: 0.8

sources: JVNDB: JVNDB-2011-005336

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4821	Trust: 3.4
db:	BID	id:	51659	Trust: 2.0
db:	SECUNIA	id:	47762	Trust: 1.8
db:	JVNDB	id:	JVNDB-2011-005336	Trust: 0.8
db:	CNNVD	id:	CNNVD-201202-012	Trust: 0.7
db:	CNVD	id:	CNVD-2012-0378	Trust: 0.6
db:	VULHUB	id:	VHN-52766	Trust: 0.1
db:	SECUNIA	id:	47657	Trust: 0.1
db:	PACKETSTORM	id:	109399	Trust: 0.1
db:	PACKETSTORM	id:	109461	Trust: 0.1

sources: CNVD: CNVD-2012-0378 // VULHUB: VHN-52766 // BID: 51659 // JVNDB: JVNDB-2011-005336 // PACKETSTORM: 109399 // PACKETSTORM: 109461 // CNNVD: CNNVD-201202-012 // NVD: CVE-2011-4821

REFERENCES

url:	http://www.solutionary.com/research/vulnerability-disclosures/2012/01/d-link-dir-601-tftp-directory-traversal-vulnerability	Trust: 2.5
url:	http://www.securityfocus.com/archive/1/521369	Trust: 2.3
url:	http://www.securityfocus.com/bid/51659	Trust: 1.7
url:	http://secunia.com/advisories/47762	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4821	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4821	Trust: 0.8
url:	http://www.dlink.com/	Trust: 0.3
url:	/archive/1/521369	Trust: 0.3
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.2
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.2
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.2
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.2
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	http://secunia.com/blog/296	Trust: 0.2
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.2
url:	http://secunia.com/advisories/47657/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=47657	Trust: 0.1
url:	http://secunia.com/advisories/47657/#comments	Trust: 0.1
url:	http://secunia.com/advisories/47762/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=47762	Trust: 0.1
url:	http://www.solutionary.com/index/sert/vuln-disclosures/d-link_dir-601.php	Trust: 0.1
url:	http://secunia.com/advisories/47762/#comments	Trust: 0.1

CREDITS

Rob Kraus and Solutionary Engineering Research Team

Trust: 0.9

sources: BID: 51659 // CNNVD: CNNVD-201202-012

SOURCES

db:	CNVD	id:	CNVD-2012-0378
db:	VULHUB	id:	VHN-52766
db:	BID	id:	51659
db:	JVNDB	id:	JVNDB-2011-005336
db:	PACKETSTORM	id:	109399
db:	PACKETSTORM	id:	109461
db:	CNNVD	id:	CNNVD-201202-012
db:	NVD	id:	CVE-2011-4821

LAST UPDATE DATE

2024-08-14T12:45:51.019000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-0378	date:	2012-02-03T00:00:00
db:	VULHUB	id:	VHN-52766	date:	2014-06-23T00:00:00
db:	BID	id:	51659	date:	2012-01-25T00:00:00
db:	JVNDB	id:	JVNDB-2011-005336	date:	2014-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201202-012	date:	2023-04-27T00:00:00
db:	NVD	id:	CVE-2011-4821	date:	2023-04-26T19:27:52.350

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-0378	date:	2012-02-03T00:00:00
db:	VULHUB	id:	VHN-52766	date:	2014-06-20T00:00:00
db:	BID	id:	51659	date:	2012-01-25T00:00:00
db:	JVNDB	id:	JVNDB-2011-005336	date:	2014-06-24T00:00:00
db:	PACKETSTORM	id:	109399	date:	2012-02-03T12:32:59
db:	PACKETSTORM	id:	109461	date:	2012-02-06T04:01:44
db:	CNNVD	id:	CNNVD-201202-012	date:	1900-01-01T00:00:00
db:	NVD	id:	CVE-2011-4821	date:	2014-06-20T14:55:04.687