CVE-2017-6206 PoC — 多款D-Link DGS-1510 Websmart设备信息泄露漏洞

Source

Associated Vulnerability

Description

The DGS-1510 Websmart switch series firmware has been found to have security vulneratiblies. The vulnerabilities include unauthenticated command bypass and unauthenticated information disclosure.

Readme

# CVE-2017-6206

The DGS-1510 Websmart switch series firmware has been found to have security vulneratiblies. The vulnerabilities include unauthenticated command bypass and unauthenticated information disclosure.

exploit.sh contains both PoC code and it will create a remote user at specified D-Link Enterprise Switch Without Authentication 

vamin$ sh exploit.sh "1.1.1.1"


 ####################################################################
 # exploit.sh 				                            #
 # D-link DGS Authentication Bypass  0-day 	                    #
 # By  : Varang Amin & Aditya Sood                                  #
 #####################################################################

Steps


      1. Collect The User Info From DGS Vulnerable Switch
      2. Add a user name dlinktest into DGS swith
      3. Collect The User Info & verify the new dlinktest  user added with Admin Access

File Snapshot

 [4.0K]  /data/pocs/f57e59042d210a76ba8946f264cc4b26ffad5814
├── [1.2K]  exploit.sh
├── [2.4K]  get-user-info.py
├── [ 908]  README.md
└── [2.6K]  user_add.py

0 directories, 4 files

Remarks