what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

OSVDB: OSVDB-94924

D-Link Devices UPnP SOAP Telnetd Command Execution

Posted Sep 17, 2013

Authored by Michael Messner, juan vazquez | Site metasploit.com

Various D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. This Metasploit module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865. According to the vulnerability discoverer, more D-Link devices may be affected.

tags | exploit

advisories | OSVDB-94924

SHA-256 | 52a628392ec5ee753541865f4aca6952fbf591c9999c1f65fb1b299552915715

Download | Favorite | View

D-Link Devices UPnP SOAP Command Execution

Posted Jul 23, 2013

Authored by Michael Messner, juan vazquez | Site metasploit.com

Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the CMD target. Additionally, two targets are included, to start a telnetd service and establish a session over it, or deploy a native mipsel payload. This Metasploit module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865. According to the vulnerability discoverer, more D-Link devices may affected.

tags | exploit

advisories | OSVDB-94924

SHA-256 | 01d435ac6d062114f47621077e0eb7f0d7eaf8b4b14cc6838696243a3e34377f

Download | Favorite | View