CVE-2019-17506 PoC — D-Link DIR-817LW和D-Link DIR-868L 授权问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-17506.yaml

Associated Vulnerability

Title:D-Link DIR-817LW和D-Link DIR-868L 授权问题漏洞 (CVE-2019-17506)
Description:D-Link DIR-817LW和D-Link DIR-868L都是中国台湾友讯（D-Link）公司的一款无线路由器。 D-Link DIR-868L B1-2.03版本和DIR-817LW A1-1.04版本中存在授权问题漏洞，该漏洞源于一些Web界面没有要求进行身份验证。攻击者可利用该漏洞获取用户名和密码，进而远程控制路由器。

Description

D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers are vulnerable to information disclosure vulnerabilities because certain web interfaces do not require authentication. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.

File Snapshot


 id: CVE-2019-17506

info:
  name: D-Link DIR-868L/817LW - Information Disclosure
  author: pikpikcu


...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!