### Vulnerabilities Summary

The following advisory describes two (2) vulnerabilities found in D-Link DSL-6850U versions BZ_1.00.01 – BZ_1.00.09.

D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel”.

The vulnerabilities found are:

- Default Credentials
- Remote Command Execution

### Credit

An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

### Vendor response

Bezeq was informed of the vulnerability on June 9, and released patches to address these vulnerabilities.

### Vulnerabilities details

The device has a custom firmware with the following issues:

1. The Remote Web Management is enabled by default
2. The default account cannot be disabled

#### Default Credentials

The default account username is: `support`

The password is: `support`

#### Remote Command Execution

The shell interface allows only a set of commands; however, you can “bind” them using `&&` or `||`.

Sending the command to the shell:

```
echo && /bin/bash
```

will result in a BusyBox shell.
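The root cause of the command-execution issue is a command allowlist that only inspects the leading word and then hands the whole string to a shell, so `&&` and `||` let an operator chain an unrestricted command behind an allowed one. The following Python is an added illustration, not the device firmware or any code from the advisory: `naive_allows` is an assumed reconstruction of that weak pattern, and `hardened_allows` / `run_restricted` show the defensive version, which tokenises the line with `shlex`, rejects shell-operator tokens, requires exactly one allowlisted command, and executes it with `shell=False` so nothing is ever interpreted by a shell. The `ALLOWED` set is a constructed placeholder; the advisory does not publish the device's real command set.

```python
import shlex
import subprocess
from typing import List, Optional

# Constructed allowlist for illustration only (the real device's command set is not in the advisory).
ALLOWED = {"echo", "ping", "ifconfig"}

# Tokens that would let a second command be chained or substituted if a shell saw them.
SHELL_OPERATORS = {"&&", "||", ";", "|", "&", ">", "<", "(", ")"}


def naive_allows(cmdline: str) -> bool:
    """Assumed weak check: compare only the first word against the allowlist.

    If the caller then passes the full string to /bin/sh, 'echo && /bin/bash'
    passes because its first word is 'echo'.
    """
    first = cmdline.strip().split(" ", 1)[0]
    return first in ALLOWED


def tokenize(cmdline: str) -> List[str]:
    """Split like a POSIX shell would, with operators emitted as their own tokens
    (punctuation_chars=True makes '&&', '||', ';', '|', '<', '>' separate tokens)."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # Python 3.8+: compatible with punctuation_chars
    return list(lexer)


def hardened_allows(cmdline: str) -> bool:
    """Accept only a single allowlisted command with plain arguments.

    Rejects any operator token and any argument carrying command substitution
    characters, so chained commands never reach execution at all.
    """
    try:
        tokens = tokenize(cmdline)
    except ValueError:  # unbalanced quotes: treat as malformed, not as a command
        return False
    if not tokens or tokens[0] not in ALLOWED:
        return False
    for tok in tokens:
        if tok in SHELL_OPERATORS or "`" in tok or "$" in tok:
            return False
    return True


def run_restricted(cmdline: str) -> Optional[str]:
    """Run an accepted command without a shell and return its stdout, or None if rejected.

    Even if a metacharacter slipped past the filter, shell=False would pass it to
    the program as a literal argument rather than letting a shell interpret it.
    """
    if not hardened_allows(cmdline):
        return None
    tokens = tokenize(cmdline)
    result = subprocess.run(tokens, shell=False, capture_output=True, text=True, timeout=5)
    return result.stdout


if __name__ == "__main__":
    for line in ("echo hello", "echo && /bin/bash", "ping || /bin/sh"):
        print(f"{line!r}: naive={naive_allows(line)} hardened={hardened_allows(line)}")
```

The point of the comparison is that the chained payload from the advisory is accepted by the first-word check and rejected by the tokenising check; the second defence layer (`shell=False`) means that a filter bug cannot be turned into arbitrary execution, because the argument vector is passed straight to `execve` without a shell parsing it.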