CVE-2024-57045 Scanner - Information Disclosure vulnerability in D-Link DIR-859

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 5 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

D-Link DIR-859 is a wireless router designed for home and small business networking. It provides high-speed internet access with dual-band Wi-Fi connectivity. The router includes a web-based management interface that allows administrators to configure security settings and control access. D-Link devices are widely used globally due to their affordability and ease of deployment. The router features security mechanisms such as firewalls and encryption to protect against cyber threats. Despite these security features, vulnerabilities may arise due to misconfigurations or software flaws.

This vulnerability affects the D-Link DIR-859 router and allows attackers to obtain sensitive device account credentials. The `/getcfg.php` endpoint answers requests without requiring authentication, so attackers can retrieve administrative account information, including usernames and passwords. The vulnerability is categorized under CWE-200 (Information Disclosure), indicating improper protection of sensitive data. Successful exploitation allows unauthorized access to the router’s management interface, from which attackers can manipulate network settings and compromise connected devices.

The vulnerability is located in the `/getcfg.php` endpoint of the D-Link DIR-859 router. Attackers can send an unauthenticated HTTP POST request with the parameter `SERVICES=DEVICE.ACCOUNT` to extract stored credentials. The server responds with an XML file containing the administrator’s username, password, and account details. Since no authentication is required for this request, attackers can exploit it remotely. The response includes sensitive data in cleartext, making it a critical security flaw. This issue significantly increases the risk of unauthorized network access and device takeover.
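Defenders can look for this request shape in captured HTTP traffic in front of the router. The following is an added example, not part of the scanner or the original page; the JSON-lines record format (src, method, uri, body), the LAN range and the sample records are constructed assumptions.

```python
import ipaddress
import json
from urllib.parse import parse_qs, urlsplit

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed LAN range, adjust to your network

# Constructed sample records in a hypothetical JSON-lines capture format.
SAMPLE_LOG = """\
{"src": "192.168.0.10", "method": "GET", "uri": "/index.php", "body": ""}
{"src": "203.0.113.7", "method": "POST", "uri": "/getcfg.php", "body": "SERVICES=DEVICE.ACCOUNT"}
{"src": "198.51.100.4", "method": "POST", "uri": "/getcfg.php?x=1", "body": "SERVICES=DEVICE%2EACCOUNT"}
{"src": "192.168.0.23", "method": "POST", "uri": "/getcfg.php", "body": "SERVICES=DEVICE.ACCOUNT"}
{"src": "203.0.113.9", "method": "POST", "uri": "/getcfg.php", "body": "SERVICES=PLACEHOLDER"}
not-json garbage line
"""

def is_account_dump_request(rec):
    """True if the record matches the request shape described for CVE-2024-57045."""
    if str(rec.get("method", "")).upper() != "POST":
        return False
    # Compare only the path so a trailing query string does not hide the request.
    if urlsplit(str(rec.get("uri", ""))).path.lower() != "/getcfg.php":
        return False
    # parse_qs decodes percent-encoding, so DEVICE%2EACCOUNT is caught too.
    services = parse_qs(str(rec.get("body", ""))).get("SERVICES", [])
    return any(v.strip().upper() == "DEVICE.ACCOUNT" for v in services)

def find_hits(log_text):
    """Return (src, origin) pairs for matching requests; origin is 'lan' or 'external'."""
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(rec, dict) or not is_account_dump_request(rec):
            continue
        try:
            origin = "lan" if ipaddress.ip_address(rec.get("src", "")) in LAN else "external"
        except ValueError:
            origin = "external"  # unparseable source address: treat as untrusted
        hits.append((rec.get("src"), origin))
    return hits

if __name__ == "__main__":
    for src, origin in find_hits(SAMPLE_LOG):
        print(f"{origin:8} {src} requested DEVICE.ACCOUNT via /getcfg.php")
```

Any hit marked external means the management interface is reachable from outside the LAN; a hit from inside the LAN is still worth tracing to the originating host.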

Exploitation of this vulnerability can lead to full administrative control over the affected router. Attackers can alter security settings, modify DNS configurations, and intercept network traffic. Unauthorized access may allow attackers to deploy malware, conduct man-in-the-middle attacks, or hijack network connections. Credential exposure can also facilitate further attacks on other connected devices. A compromised router poses a severe risk to personal and business networks. Users may experience loss of privacy, data breaches, and service disruptions.
