| Titel | D-Link DIR-803 1.04 and earlier Authorization Bypass |
|---|
| Beschreibung | An authentication bypass vulnerability exists in the /getcfg.php interface of D-Link DIR-803 routers (A1 1.04 and earlier). By supplying SERVICES=DEVICE.ACCOUNT together with an injected AUTHORIZED_GROUP=1%0a parameter, an attacker can cause getcfg.php to return the XML configuration containing administrator login credentials. |
|---|
| Quelle | ⚠️ https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md |
|---|
| Benutzer | Anonymous User |
|---|
| Einreichung | 28.11.2025 13:15 (vor 7 Monaten) |
|---|
| Moderieren | 11.12.2025 09:40 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 335869 [D-Link DIR-803 bis 1.04 Configuration /getcfg.php AUTHORIZED_GROUP Information Disclosure] |
|---|
| Punkte | 19 |
|---|