[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Dlink-CVE-2019-13101

To: dev@xxxxxxxx, fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Dlink-CVE-2019-13101
From: Devendra Solanki <devendra0x0@xxxxxxxxx>
Date: Fri, 9 Aug 2019 10:18:42 +0530

A remote vulnerability was discovered on D-Link DIR-600M Wireless N 150
Home Router in multiple respective firmware versions.
The vulnerability provides unauthenticated remote access to the router's
WAN configuration page i.e. "wan.htm", which leads to
disclosure of sensitive user information including but not limited to
PPPoE, DNS configuration etc, also allowing to change
the configuration settings as well.

A Nmap nse script to exploit the vulnerability :
https://github.com/d0x0/D-Link-DIR-600M/blob/master/dlink-cve-2019-13101.nse


Regards:
Devendra Singh Solanki
https://twitter.com/_d0x0_
https://github.com/d0x0

Attachment: dlink-cve-2019-13101.nse
Description: Binary data

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Mitel 6869i SIP Deskphone 4.2.2032: Unauthenticated Bash Command Injection Vulnerability with Root Priviledges in /cgi-bin/webuploadconfig script
Next by Date: [FD] Multiple banks - potential risk of an inconsequent client separation
Previous by thread: [FD] Mitel 6869i SIP Deskphone 4.2.2032: Unauthenticated Bash Command Injection Vulnerability with Root Priviledges in /cgi-bin/webuploadconfig script
Next by thread: [FD] Multiple banks - potential risk of an inconsequent client separation
Index(es):
- Date
- Thread