DIR-823G GetClientInfo InfoLeak
Vulnerability for D-Link Router
Product: D-Link DIR-823G (Refer: http://www.dlink.com.cn/home/product?id=2960)
Version: The latest firmware -- 1.02B03 (Download link: http://support.dlink.com.cn/ProductInfo.aspx?m=DIR-823G)
Vulnerability Type: Incorrect Access Control
Author: David Chen
Institution: Technology Research Institute of Legendsec at Qi’anxin Group
Vulnerability description
An issue was discovered in /bin/goahead on D-Link DIR-823G with the latest firmware 1.02B03. There is a incorrect access control problem allowing remote attackers to get sensitive information of all clients in WLAN without authentication via access a HNAP API named GetClientInfo.
POC
Attacker just need to call a HNAP API GetClientInfo remotely and get all clients information in WLAN, such as IPAddresses, MacAddress, DeviceName, etc..
This PoC can result in a information disclosure.
P.S. Given the vendor's security, we only provide parts of this exploit.


