D-LINK 0Day Full Disclosure

A D-LINK security flaw (0Day) has just been revealed . The gap allows connecting to the router's online page, like device.

Vulnerability affects DIR-652, DIR-615, DIR-827, DIR-615, DIR-657, and DIR-825.

0Day

Description:

Open the web interface of the router and try to connect to “User” or “user”. The address has the following format:  

http://:port/wizard_wan.asp 

The source page shows the following:

:: view-source port / wizard_wan.asp

If you go down the source code page you will see this:

administrator password in plain text (yes means that s is in plain text format).

The point is that all of the D-LINK models mentioned above do not need a password to connect to the router's configuration page.

You can connect with the above names and a blank password. Ports that you can try: 8080 or 8081.

So one As a user, it can connect to your router if it knows your IP (it's very easy to find out), and cause you various problems, for example redirecting you to phishing pages to steal valuable passwords. .

The void (0Day) was just revealed now at seclists.org by Marty. It was originally announced on 25 June of 2019, but today it is available for the entire internet.

Do you own one of the above routers? Change your password immediately if you are still using the factory.

___________________

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).