
Exploit for D-Link DSL-2888A - Authentication Bypass/Remote Command Execution (CVE-2020-24579)

Description:

D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.

Nuclei Template

View the template here: CVE-2020-24579.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-24579.yaml

References:

https://github.com/Elsfa7-110/kenzer-templates
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/
https://github.com/ARPSyndicate/kenzer-templates
https://nvd.nist.gov/vuln/detail/CVE-2020-24579