D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router – Authentication Bypass

• Exploit Database
• 15 阅读

• 作者： Gem George
  日期： 2018-03-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/44378/

• # Exploit Title: D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Route Authentication Bypass
  # CVE: CVE-2018-9032
  # Date: 24-03-2018
  # Exploit Author: Gem George
  # Author Contact: https://www.linkedin.com/in/gemgrge
  # Vulnerable Product: D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router http://www.dlink.co.in/products/?pid=628
  # Firmware version: 1.02-2.06
  # Hardware version: A1, B1
  # Vendor Homepage: https://dlink.com
  
  
  Vulnerability Details
  ======================
  An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router potentially allows attackers to bypass SharePort Web Access Portal by directly accessing authenticated pages such as /category_view.php or /folder_view.php. This could potentially allow unauthorized remote access of media stored in SharePort and may perform write operation in the portal
  
  How to exploit
  ===================
  Directly call authenticated URLs to bypass authentication
  
  Examples:
  * http://[router_ip][port]/category_view.php
  * http://[router_ip][port]/folder_view.php
  
  POC
  =========
  * https://youtu.be/Wmm4p8znS3s