This host is running D-Link DIR-100 Router and is prone to multiple vulnerabilities.

Successful exploitation will allow attacker to cause denial of service or execute arbitrary HTML and script code in a user's browser session in context of an affected website. Impact Level: Application

Apply the patch or upgrade to version 4.03B13 or later, For updates refer to http://more.dlink.de/sicherheit/index.html For Patch refer to http://exploitsdownload.com/exploit/na/d-link-dir-100-csrf-xss-disclosure-authentication

Multiple flaws are due to, - Retrieve the Administrator password and sensitive configuration parameters like the pppoe username and password without authentication. - Execute privileged Commands without authentication through a race condition leading to weak authentication enforcement. - Sending formatted request to a victim which then will execute arbitrary commands on the device. - Store arbitrary javascript code which will be executed when a victim accesses the administrator interface.

D-Link DIR-100 Hardware Revision: D1 Software Version: 4.03B07

Send a crafted data via HTTP request and check whether it is able to read the user information.

• http://cxsecurity.com/issue/WLB-2014020019
• http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt
• http://www.exploit-db.com/exploits/31425
• http://www.osvdb.com/102984

---

Updated on 2017-03-28