D-Link DAP-1160 Authentication Bypass CNVD-2010-5591

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

The IS-2010-005 advisory describes a vulnerability in the D-Link DAP-1160, that allows for authentication bypass and complete device reconfiguration. Authentication can be bypassed by accessing the URL: http://IP_ADDR/tools_firmw.htm within 40 seconds of the web server start, and consequently after the reboot, and taking care that the request for the specified URL is the first HTTP request the web server receives. This vulnerability has been verified on the firmware versions 1.20, 1.30 and 1.31, that are all the binary firmware versions I made test with, but it might be present also in older firmware versions and/or other D-Link devices. Source code for DAP-1160 seems to be available only for version 1.20b06, and can be downloaded from here: ftp://ftp.dlink.it/Products/DAP/DAP-1160/GPL/DAP-1160_v120b06_GPL.tar.gz Unfortunately no source code is available for the httpd server, just object files that can be found at DAP-1160_v120b06_src/AP/httpd inside the compressed archive. The...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息