| Title | D-Link DIR-803 1.04 and earlier Authorization Bypass |
|---|
| Description | An authentication bypass vulnerability exists in the /getcfg.php interface of D-Link DIR-803 routers (A1 1.04 and earlier). By supplying SERVICES=DEVICE.ACCOUNT together with an injected AUTHORIZED_GROUP=1%0a parameter, an attacker can cause getcfg.php to return the XML configuration containing administrator login credentials. |
|---|
| Source | ⚠️ https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md |
|---|
| User | Anonymous User |
|---|
| Submission | 11/28/2025 13:15 (7 months ago) |
|---|
| Moderation | 12/11/2025 09:40 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 335869 [D-Link DIR-803 up to 1.04 Configuration /getcfg.php AUTHORIZED_GROUP information disclosure] |
|---|
| Points | 19 |
|---|