D-Link DSL-124 Wireless N300 ADSL2+ Backup Configuration File Disclosure Vulnerability

A configuration file disclosure vulnerability has been identified in the D-Link DSL-124 Wireless N300 ADSL2+ router, specifically in the ME_1.00 firmware version. This vulnerability allows unauthenticated attackers to retrieve sensitive router settings, including network credentials and system configurations, by sending a POST request to the router's configuration endpoint. The issue arises from inadequate user and session management, enabling the unauthorized access to critical configuration files.

Impact

Exploitation of this vulnerability leads to the unauthorized disclosure of the router's configuration file, which contains sensitive information such as network credentials and system settings.

Reproduction

To reproduce this vulnerability, send a POST request to the router's configuration endpoint, specifically 'form2saveConf.cgi', with the 'submit.htm?saveconf.htm=Back+Settings' payload. This request can be made using tools like cURL. Once the request is processed, the router responds with a complete backup of the configuration file, including sensitive data such as Wi-Fi passwords and other network settings.