mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
1.5 KiB
1.5 KiB
CVE-2019-17506
Description
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.
POC
Reference
No PoCs from references.
Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/20142995/Goby
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/ArrestX/--POC
- https://github.com/HimmelAward/Goby_POC
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Z0fhack/Goby_POC
- https://github.com/amcai/myscan
- https://github.com/bigblackhat/oFx
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/openx-org/BLEN
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/sobinge/nuclei-templates