D-Link DIR-615 Remote Exploit

December 15th, 2009  | Tags:

D-Link’s DIR-615 Wireless N Router (http://www.dlink.com/products/?pid=565) contains a flaw that allows attackers to access administrative functions without authorization. By simply requesting a certain URL, this vulnerability can be used to perform numerous attacks including changing the admin password, disabling wireless security, and changing DNS settings.

The hole is confirmed in firmware version 3.10NA.

Example (changes admin password to ‘pwdpwd’):
Change password on 192.168.0.1

Share and Enjoy:
  • Facebook
  • HackerNews
  • Reddit
  • Digg
  • del.icio.us
  • Twitter
  • StumbleUpon
  • LinkedIn
  • Google Bookmarks
  • Slashdot
  • Technorati
  • email
  • DZone
  • Suggest to Techmeme via Twitter
  • RSS
  • PDF
  • Print
Leave a comment | Trackback
«
  1. Kristian Erik Hermansen
    January 18th, 2010 at 06:25
    Reply | Quote | #1

    Nice find dude! ;) Quite similar to another issue I found back in 2005 :D

    http://seclists.org/fulldisclosure/2005/Apr/134

  2. peter
    February 2nd, 2010 at 02:25
    Reply | Quote | #2

    this didn’t work for me… but I managed to get a javascript hack working:
    execute this: send_submit(“form2″);

    http://schpet.blogspot.com/2009/07/hello-world.html

  3. Sel
    May 27th, 2010 at 19:01
    Reply | Quote | #3

    Does this work remotely/over the internet with port 8080?

1 trackbacks/pingbacks

TOP