D-Link DSL-7740C Privilege Escalation Vulnerability in Maintenance Module

Vulnerability

A vulnerability in the Maintenance module of the D-Link DSL-7740C router, firmware version DSL7740C.V6.TR069.20211230, allows an authenticated attacker holding a low-privilege account to change the passwords of high-privilege accounts and thereby escalate privileges. The cause is incorrect access control in the web-based interface: the password-change request names the account to be modified, and the server does not verify that the requesting user is authorized to change that account's password, so a low-privilege user can redirect a request intended for their own account at a higher-privilege account.

Impact

Exploitation of this vulnerability gives a low-privilege user administrative access to the device, which can lead to unauthorized configuration changes, disabling of security features, or access to sensitive information.

Reproduction

To reproduce this vulnerability, log in as a low-privilege user and open the 'Maintenance' tab. With an intercepting proxy such as Burp Suite in place, submit a password change for the low-privilege account and capture the request. Edit the captured request so that the target is a high-privilege account, then forward the modified request. Confirm that the change took effect by querying the system database (or by logging in with the new credentials).
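The following is an added example, not code from the DSL-7740C firmware or from the original advisory. It models the access-control defect described above in a minimal Python password-change handler: the vulnerable version trusts the account name carried in the request body (exactly the field a proxy can rewrite), while the hardened version binds the target to the authenticated session and only lets an administrator change another account. The account names, roles, request fields and the in-memory "database" are assumptions chosen for illustration.

```python
"""Added example: modelling the password-change access-control defect.

Not code from the DSL-7740C firmware. Account names, roles, the request
shape and the in-memory database are assumptions for illustration.
"""
from dataclasses import dataclass

ROLE_ADMIN = "admin"
ROLE_USER = "user"


@dataclass
class Account:
    name: str
    role: str
    password: str


@dataclass
class Session:
    """The authenticated principal. Comes from the login, never from the form."""
    user: str


class PermissionDenied(Exception):
    pass


def vulnerable_change_password(db, session, request):
    """Trusts the 'username' field the client sent.

    The UI only ever fills in the logged-in user's own name, but the field
    travels in the request body, so an intercepting proxy can rewrite it to
    any account. No check relates the target to the requesting session.
    """
    target = request["username"]  # attacker-controlled
    db[target].password = request["new_password"]
    return True


def hardened_change_password(db, session, request):
    """Derives the actor from the session and enforces role on cross-account changes."""
    actor = db[session.user]
    # Default to the caller's own account; an explicit target must be authorized.
    target_name = request.get("username", session.user)
    if target_name not in db:
        raise KeyError(target_name)
    if target_name != actor.name and actor.role != ROLE_ADMIN:
        raise PermissionDenied(f"{actor.name} may not change the password of {target_name}")
    db[target_name].password = request["new_password"]
    return True


def demo_db():
    """Constructed sample accounts: one administrator, one low-privilege user."""
    return {
        "admin": Account("admin", ROLE_ADMIN, "original-admin-pw"),
        "user": Account("user", ROLE_USER, "original-user-pw"),
    }


def run_attack(handler):
    """Replay the legitimate request, then the proxy-modified one, as the low-privilege user.

    Returns (admin password, user password) afterwards so the caller can see
    whether the low-privilege session managed to take over the admin account.
    """
    db = demo_db()
    low_priv = Session(user="user")
    # What the browser sends when the user changes their own password (constructed):
    legit = {"username": "user", "new_password": "hunter2"}
    # The same request after rewriting the target account in the proxy (constructed):
    tampered = {"username": "admin", "new_password": "pwned"}
    handler(db, low_priv, legit)
    try:
        handler(db, low_priv, tampered)
    except PermissionDenied:
        pass
    return db["admin"].password, db["user"].password


def run_admin_change():
    """An administrator changing another account's password must still work."""
    db = demo_db()
    hardened_change_password(db, Session(user="admin"),
                             {"username": "user", "new_password": "reset-by-admin"})
    return db["user"].password


if __name__ == "__main__":
    print("vulnerable:", run_attack(vulnerable_change_password))
    print("hardened:  ", run_attack(hardened_change_password))
```

The fix is not to hide the field in the UI but to decide the target server-side: either ignore any client-supplied account name entirely and always operate on the session's own account, or, where administrators legitimately reset other users' passwords, check the caller's role before touching any account other than their own.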

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.