ID
VAR-E-202006-0104
CVE
cve_id: | CVE-2019-17525 | Trust: 1.5 |
EDB ID
48551
TITLE
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass. CVE-2019-17525 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
vendor: | d link | model: | dir-615 t1 | scope: | eq | version: | 20.10 | Trust: 1.6 |
vendor: | d link | model: | dir-615 t1 captcha | scope: | eq | version: | 20.10 | Trust: 0.5 |
EXPLOIT
# Exploit Title: D-Link DIR-615 T1 20.10 - CAPTCHA Bypass
# Date: 2019-10-12
# Exploit Author: huzaifa hussain
# Vendor Homepage: https://in.dlink.com/
# Version: DIR-615 T1 ver:20.10
# Tested on: D-LINK ROUTER "MODEL NO: DIR-615" with "FIRMWARE VERSION:20.10" & "HARDWARE VERSION:T1
# CVE: CVE-2019-17525
D-LINK ROUTER "MODEL NO: DIR-615" with "FIRMWARE VERSION:20.10" & "HARDWARE VERSION:T1
A vulnerability found on login-in page of D-LINK ROUTER "DIR-615" with "FIRMWARE VERSION:20.10" & "HARDWARE VERSION:T1" which allows attackers to easily bypass CAPTCHA on login page by BRUTEFORCING.
------------------------------------
D-Link released new firmware designed to protect against logging in to the router using BRUTEFORCING. There is a flaw in the captcha authentication system that allows an attacker to reuse the same captcha without reloading new.
ATTACK SCENARIO AND REPRODUCTION STEPS
1: Find the ROUTER LoginPage.
2: Fill the required login credentials.
3: Fill the CAPTCH properly and Intercept the request in Burpsuit.
4: Send the Request to Intruder and select the target variables i.e. username & password which will we bruteforce under Positions Tab
5: Set the payloads on target variables i.e. username & password under Payloads Tab.
5: Set errors in (the validatecode is invalid & username or password error, try again) GREP-MATCH under Options Tab.
6: Now hit the start attack and you will find the correct credentials.
-------------------------------------
Huzaifa Hussain
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
CAPTCHA Bypass
Trust: 1.6
TAGS
tag: | exploit | Trust: 0.5 |
tag: | bypass | Trust: 0.5 |
CREDITS
huzaifa hussain
Trust: 0.6
EXTERNAL IDS
db: | EXPLOIT-DB | id: | 48551 | Trust: 1.6 |
db: | NVD | id: | CVE-2019-17525 | Trust: 1.5 |
db: | EDBNET | id: | 103054 | Trust: 0.6 |
db: | PACKETSTORM | id: | 157936 | Trust: 0.5 |
REFERENCES
url: | https://nvd.nist.gov/vuln/detail/cve-2019-17525 | Trust: 1.5 |
url: | https://www.exploit-db.com/exploits/48551/ | Trust: 0.6 |
SOURCES
db: | PACKETSTORM | id: | 157936 |
db: | EXPLOIT-DB | id: | 48551 |
db: | EDBNET | id: | 103054 |
LAST UPDATE DATE
2022-07-27T09:21:11.415000+00:00
SOURCES RELEASE DATE
db: | PACKETSTORM | id: | 157936 | date: | 2020-06-04T16:35:00 |
db: | EXPLOIT-DB | id: | 48551 | date: | 2020-06-04T00:00:00 |
db: | EDBNET | id: | 103054 | date: | 2020-06-04T00:00:00 |