Skip to content

Commit 3936d3b

Browse files
wvuwvu
committed
Clean up module
1 parent 0a4ce1e commit 3936d3b

File tree

3 files changed

+7
-6
lines changed

3 files changed

+7
-6
lines changed

documentation/modules/exploit/linux/http/dlink_dir850l_unauth_exec.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
1-
The module dlink_dir850_(un)auth_exec leverages an unauthenticated credential disclosure vulneralbility to then execute arbitrary commands via an authenticated OS command injection
2-
vulneralbility. D-LINK 850L (excluding "Cloud" models) devices with firmware version up to 1.14B07
3-
are potentially vulnerable. The vulneralbility seems to occur within the parsing of the config. Another PoC can be found here https://www.seebug.org/vuldb/ssvid-96333. Setting command to be `reboot` will force the router into an infinite loop.
1+
The module dlink_dir850_(un)auth_exec leverages an unauthenticated credential disclosure vulnerability to then execute arbitrary commands via an authenticated OS command injection
2+
vulnerability. D-LINK 850L (excluding "Cloud" models) devices with firmware version up to 1.14B07
3+
are potentially vulnerable. The vulnerability seems to occur within the parsing of the config. Another PoC can be found here https://www.seebug.org/vuldb/ssvid-96333. Setting command to be `reboot` will force the router into an infinite loop.
44

55
## Vulnerable Application
66

modules/exploits/linux/http/dlink_850l_unauth_exec.rb renamed to modules/exploits/linux/http/dlink_dir850l_unauth_exec.rb

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,11 +17,12 @@ def initialize(info = {})
1717
'Name' => 'DIR-850L (Un)authenticated OS Command Exec',
1818
'Description' => %q{
1919
This module leverages an unauthenticated credential disclosure
20-
vulneralbility to then execute arbitrary commands on DIR-850L routers
20+
vulnerability to then execute arbitrary commands on DIR-850L routers
2121
as an authenticated user. Unable to use Meterpreter payloads.
2222
},
2323
'Author' => [
24-
'Mumbai <https://github.com/realoriginal>' # module
24+
'Mumbai', # https://github.com/realoriginal (module)
25+
'Zdenda' # vuln discovery
2526
],
2627
'References' => [
2728
['URL', 'https://www.seebug.org/vuldb/ssvid-96333'],

modules/exploits/linux/http/netgear_dgn1000_setup_unauth_exec.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ def initialize(info = {})
1818
DGN2000v1 models.
1919
},
2020
'Author' => [
21-
'Mumbai <https://github.com/realoriginal>', # module
21+
'Mumbai', # https://github.com/realoriginal (module)
2222
'Robort Palerie <[email protected]>' # vuln discovery
2323
],
2424
'References' => [

0 commit comments

Comments
 (0)