module

D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution

Try Surface Command
Back to search
Disclosed
2013-02-04
Created
2018-05-30

Description

This module exploits an OS Command Injection vulnerability in some D-Link
Routers like the DIR-600 rev B and the DIR-300 rev B. The vulnerability exists in
command.php, which is accessible without authentication. This module has been
tested with the versions DIR-600 2.14b01 and below, DIR-300 rev B 2.13 and below.
In order to get a remote shell the telnetd could be started without any
authentication.

Author

Michael Messner devnull@s3cur1ty.de

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use auxiliary/admin/http/dlink_dir_300_600_exec_noauth
    msf auxiliary(dlink_dir_300_600_exec_noauth) > show actions
        ...actions...
    msf auxiliary(dlink_dir_300_600_exec_noauth) > set ACTION < action-name >
    msf auxiliary(dlink_dir_300_600_exec_noauth) > show options
        ...show and set options...
    msf auxiliary(dlink_dir_300_600_exec_noauth) > run
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today