A security flaw (0Day) in D-LINK routers has just been discovered. The flaw allows logging in to the router's web page as the device administrator.
The vulnerability affects DIR-652, DIR-615, DIR-827, DIR-615, DIR-657, and DIR-825.
Description:
Open the router's web interface and try to log in as "User" or "user". The address is as follows:
http://:port/wizard_wan.asp
The page source shows the following:
view-source:http://:port/wizard_wan.asp
If you scroll down the page source you will see this:
the admin password in plain text (yes, the password really is in plain text).
The point is that none of the D-LINK models mentioned above need a password to log in to the router's settings page.
You can connect with the above names and a blank password. Ports that you can try: 8080 or 8081.
A malicious user can connect to your router if they know your IP (it's very easy to find out) and cause you various problems, such as redirecting you to phishing pages to steal valuable passwords.
The flaw (0Day) was just disclosed on seclists.org by Marty. It was originally announced on June 25, 2019, but as of today it is available to the whole Internet.
Do you own one of the above routers? Change the password immediately if you are still using the factory one.
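A defensive check for the exposure described above, as an added example that is not part of the original article: it scans gateway or proxy log lines for requests to /wizard_wan.asp on ports 8080 or 8081 that came from outside the LAN. The log layout, the sample lines and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Path and ports are from the article; the log layout below is an assumption.
WATCHED_PATH = "/wizard_wan.asp"
WATCHED_PORTS = {8080, 8081}
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed layout: "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <METHOD> <url> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) "
    r"(?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)
# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
2019-09-10T08:01:12Z 192.168.0.23 -> 192.168.0.1:80 GET /index.asp 200
2019-09-10T08:03:40Z 203.0.113.45 -> 198.51.100.7:8080 GET /wizard_wan.asp 200
2019-09-10T08:03:41Z 203.0.113.45 -> 198.51.100.7:8081 GET /Wizard_WAN.asp?x=1 401
2019-09-10T08:05:02Z 192.168.0.23 -> 192.168.0.1:8080 GET /wizard_wan.asp 200
malformed line that the parser must skip
2019-09-10T08:09:55Z 203.0.113.99 -> 198.51.100.7:8080 GET /favicon.ico 404
"""

def find_exposures(log_text):
    """Map source IP -> [(timestamp, port, status)] for wizard-page requests from outside the LAN."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed layout
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source field is not an IP address
        path = m["url"].split("?", 1)[0].lower()  # drop query string, match case variants
        if path != WATCHED_PATH or int(m["port"]) not in WATCHED_PORTS:
            continue
        if any(src in net for net in LAN_NETS):
            continue  # request came from the local network
        hits[str(src)].append((m["ts"], int(m["port"]), int(m["status"])))
    return dict(hits)

def served_without_auth(hits):
    """Sources that received HTTP 200, meaning the page content was returned to them."""
    return sorted(ip for ip, rows in hits.items() if any(s == 200 for _, _, s in rows))

if __name__ == "__main__":
    found = find_exposures(SAMPLE_LOG)
    print(found, served_without_auth(found))
```

Any source reported by `served_without_auth` received the page contents, so the router's admin password should be treated as disclosed and changed.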