Sign-up

ID

VAR-E-202006-0104


CVE

cve_id:CVE-2019-17525

Trust: 1.5

sources: PACKETSTORM: 157936 // EXPLOIT-DB: 48551

EDB ID

48551


TITLE

D-Link DIR-615 T1 20.10 - CAPTCHA Bypass - Hardware webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 48551

DESCRIPTION

D-Link DIR-615 T1 20.10 - CAPTCHA Bypass. CVE-2019-17525 . webapps exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 48551

AFFECTED PRODUCTS

vendor:d linkmodel:dir-615 t1scope:eqversion:20.10

Trust: 1.6

vendor:d linkmodel:dir-615 t1 captchascope:eqversion:20.10

Trust: 0.5

sources: PACKETSTORM: 157936 // EXPLOIT-DB: 48551 // EDBNET: 103054

EXPLOIT

# Exploit Title: D-Link DIR-615 T1 20.10 - CAPTCHA Bypass
# Date: 2019-10-12
# Exploit Author: huzaifa hussain
# Vendor Homepage: https://in.dlink.com/
# Version: DIR-615 T1 ver:20.10
# Tested on: D-LINK ROUTER "MODEL NO: DIR-615" with "FIRMWARE VERSION:20.10" & "HARDWARE VERSION:T1
# CVE: CVE-2019-17525

D-LINK ROUTER "MODEL NO: DIR-615" with "FIRMWARE VERSION:20.10" & "HARDWARE VERSION:T1

A vulnerability found on login-in page of D-LINK ROUTER "DIR-615" with "FIRMWARE VERSION:20.10" & "HARDWARE VERSION:T1" which allows attackers to easily bypass CAPTCHA on login page by BRUTEFORCING.

------------------------------------
D-Link released new firmware designed to protect against logging in to the router using BRUTEFORCING. There is a flaw in the captcha authentication system that allows an attacker to reuse the same captcha without reloading new.

ATTACK SCENARIO AND REPRODUCTION STEPS

1: Find the ROUTER LoginPage.
2: Fill the required login credentials.
3: Fill the CAPTCH properly and Intercept the request in Burpsuit.
4: Send the Request to Intruder and select the target variables i.e. username & password which will we bruteforce under Positions Tab
5: Set the payloads on target variables i.e. username & password under Payloads Tab.
5: Set errors in (the validatecode is invalid & username or password error, try again) GREP-MATCH under Options Tab.
6: Now hit the start attack and you will find the correct credentials.

-------------------------------------

Huzaifa Hussain

Trust: 1.0

sources: EXPLOIT-DB: 48551

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 48551

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 48551

TYPE

CAPTCHA Bypass

Trust: 1.6

sources: EXPLOIT-DB: 48551 // EDBNET: 103054

TAGS

tag:exploit

Trust: 0.5

tag:bypass

Trust: 0.5

sources: PACKETSTORM: 157936

CREDITS

huzaifa hussain

Trust: 0.6

sources: EXPLOIT-DB: 48551

EXTERNAL IDS

db:EXPLOIT-DBid:48551

Trust: 1.6

db:NVDid:CVE-2019-17525

Trust: 1.5

db:EDBNETid:103054

Trust: 0.6

db:PACKETSTORMid:157936

Trust: 0.5

sources: PACKETSTORM: 157936 // EXPLOIT-DB: 48551 // EDBNET: 103054

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-17525

Trust: 1.5

url:https://www.exploit-db.com/exploits/48551/

Trust: 0.6

sources: PACKETSTORM: 157936 // EXPLOIT-DB: 48551 // EDBNET: 103054

SOURCES

db:PACKETSTORMid:157936
db:EXPLOIT-DBid:48551
db:EDBNETid:103054

LAST UPDATE DATE

2022-07-27T09:21:11.415000+00:00


SOURCES RELEASE DATE

db:PACKETSTORMid:157936date:2020-06-04T16:35:00
db:EXPLOIT-DBid:48551date:2020-06-04T00:00:00
db:EDBNETid:103054date:2020-06-04T00:00:00