D-Link DSL-2730U
cpe:2.3:h:dlink:dsl-2730u:*:*:*:*:*:*:*
- IN_1.02
A path traversal vulnerability has been identified in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers. Affected firmware versions are IN_1.02, SEA_1.04, and SEA_1.07. The issue arises from inadequate input validation of the 'getpage' parameter in the '/cgi-bin/webproc' CGI script. As a result, an unauthenticated remote attacker can send crafted requests that traverse the file system, potentially gaining unauthorized access to sensitive files on the device.
Exploitation of this vulnerability allows for arbitrary file read on the affected device, which could lead to the disclosure of sensitive information.
The vulnerability can be reproduced by sending a request to the '/cgi-bin/webproc' CGI script with a crafted 'getpage' parameter that includes path traversal sequences. This request can be made using a tool like 'torsocks' to anonymize the traffic. The response will include the contents of the requested file, such as '/etc/shadow', which contains sensitive information.
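A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans web access-log lines for requests to '/cgi-bin/webproc' whose 'getpage' value, after repeated percent-decoding, contains a '..' segment or an absolute path. It assumes logs in Common Log Format from a proxy or sensor in front of the device; the sample lines, the benign 'getpage' value and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/cgi-bin/webproc"  # CGI script named in the advisory
PARAM = "getpage"              # parameter named in the advisory
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, made-up values).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/webproc?getpage=html/index.html HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/webproc?getpage=../../etc/shadow HTTP/1.1" 200 312
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/webproc?getpage=..%252f..%252fetc%252fshadow HTTP/1.1" 200 312
203.0.113.4 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html?getpage=../x HTTP/1.1" 404 0
"""

def fully_decode(value, max_rounds=5):
    """Percent-decode until the value stops changing (handles double encoding)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value is an absolute path or has a '..' segment."""
    path = fully_decode(value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")

def find_traversal_requests(log_text):
    """Return (client_ip, decoded getpage value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if url.path != ENDPOINT:
            continue  # only the vulnerable CGI script is of interest
        for name, value in parse_qsl(url.query):
            if name == PARAM and is_traversal(value):
                hits.append((line.split()[0], fully_decode(value)))
    return hits

if __name__ == "__main__":
    for client, value in find_traversal_requests(SAMPLE_LOG):
        print(f"{client} requested {PARAM}={value}")
```

Access logs record only the request line, so a 'getpage' value sent in a POST body would need the same check applied to captured request bodies.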