D-Link DAP-1325
cpe:2.3:h:dlink:dap-1325:*:*:*:*:*:*:*
- A1
- 1.01
A broken access control vulnerability has been identified in the D-Link DAP-1325 N300 Wi-Fi Range Extender, specifically in firmware version 1.01. This vulnerability allows unauthenticated attackers to download device configuration settings by exploiting the /cgi-bin/ExportSettings.sh endpoint. The issue arises because the device fails to require proper authentication before allowing access to sensitive configuration information.
Exploitation of this vulnerability could lead to unauthorized access to sensitive device configuration settings, which may include Wi-Fi credentials and other personal information.
To reproduce this vulnerability, access the device's login page and navigate to the /cgi-bin/ExportSettings.sh endpoint. This can be done by directly entering the URL into a web browser. The absence of authentication will allow the configuration settings to be downloaded without any credentials.
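One way to watch for use of this endpoint, as an added example that is not part of the original advisory: the Python below scans HTTP access-log lines for requests to /cgi-bin/ExportSettings.sh and reports whether a body was served. It assumes Common Log Format lines from a proxy or network sensor that sees traffic to the extender's management interface; the sample lines and the names `normalize` and `flag_exports` are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint named in the advisory, lowercased for comparison.
EXPORT_PATH = "/cgi-bin/exportsettings.sh"

# Common Log Format: host ident user [time] "request" status size
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase.

    Lowercasing is a deliberate over-match: a detection rule should not
    depend on how the device treats case.
    """
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def flag_exports(lines):
    """Return (source, timestamp, served) for each request to the endpoint."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m or normalize(m["target"]) != EXPORT_PATH:
            continue
        # A 200 with a non-empty body means the configuration left the device.
        served = m["status"] == "200" and m["size"] not in ("-", "0")
        hits.append((m["src"], m["ts"], served))
    return hits

# Constructed sample log lines (documentation address range, invented times).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /login.html HTTP/1.1" 200 2048',
    '192.0.2.77 - - [01/Jan/2024:10:05:12 +0000] "GET /cgi-bin/ExportSettings.sh HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2024:10:05:40 +0000] "GET //cgi-bin/%45xportSettings.sh?x=1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:06:00 +0000] "GET /cgi-bin/ExportSettings.sh HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for src, ts, served in flag_exports(SAMPLE):
        print(f"{ts} {src} {'CONFIG SERVED' if served else 'not served'}")
```

On firmware 1.01 every served hit is worth reviewing, since the advisory states the endpoint does not require authentication; any Wi-Fi credentials in a served export should be treated as disclosed.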