D-link DIR-890L HNAP 未授权信息泄漏漏洞

HNAPHome Network Administration Protocol,家庭网络管理协议是一种基于SOAPSimple Object Access Protocol,简单对象管理协议的协议，和UPnP很像，通常被D-Link的”EZ”设置程序用来初始化设置路由器。 存在问题代码： / Grab a pointer to the SOAPAction header / SOAPAction = getenv"HTTPSOAPACTION"; / Skip authentication if the SOAPAction header contains...

D-Link Devices UPnP SOAPAction-Header Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link Devices UPnP SOAPAction-Header Command Execution', 'Description' = %q Different D-Link Routers are vulnerable to OS command...

D-Link Devices HNAP SOAPAction-Header Command Execution

Different D-Link Routers are vulnerable to OS command injection in the HNAP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested on a DIR-645 device. The following devices are also reported as affected:...