D-Link DI-7003GV2 Information Disclosure Vulnerability
Vulnerability
An information disclosure vulnerability has been identified in the D-Link DI-7003GV2 router running firmware version 24.04.18D1 R(68125). The vulnerability resides in the '/install_base.data' file, which can be accessed remotely without authentication. Exploitation allows unauthorized users to retrieve sensitive information from the device, including the serial number, MAC addresses, model, firmware version, and WAN IP address.
Impact
Exploitation of this vulnerability leads to unauthorized access to sensitive device information, which could be used for further attacks or to compromise the device's security.
Reproduction
The vulnerability can be reproduced by sending a GET request to the '/install_base.data' endpoint. This can be done using a web browser or a tool like curl. The request does not require any authentication and can be sent from anywhere on the network.
Remediation
Implement firewall rules that block unauthorized access to the vulnerable '/install_base.data' endpoint.
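One way to confirm that such a rule is effective, as an added example that is not part of the original advisory: the script below scans web access logs for requests to '/install_base.data' and reports whether each source was served the file. The Common Log Format input (from an upstream proxy or firewall), the management network 192.168.0.0/24 and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

SENSITIVE_PATH = "/install_base.data"  # endpoint named in this advisory
# Assumption: networks that are allowed to reach the router's web interface.
MGMT_NETS = [ipaddress.ip_network("192.168.0.0/24")]
# Assumption: Common Log Format lines from an upstream proxy or firewall.
CLF = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def normalize(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    # Lowercasing is deliberately conservative: it may over-match, never under-match.
    return re.sub(r"/+", "/", path).lower()

def classify(line):
    """Return None for unrelated lines, else (source, verdict)."""
    m = CLF.match(line)
    if not m or normalize(m["target"]) != SENSITIVE_PATH:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:
        return (m["src"], "review")  # hostname logged instead of an IP
    if any(src in net for net in MGMT_NETS):
        return (m["src"], "allowed")
    # A 2xx reply to an outside source means the file was served.
    return (m["src"], "exposed" if m["status"].startswith("2") else "blocked")

def findings(lines):
    return [r for r in map(classify, lines) if r]

# Constructed sample log lines (not taken from a real device).
T = "[01/Jan/2025:10:00:00 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {T} "GET /install_base.data HTTP/1.1" 200 512',
    f'192.168.0.10 - - {T} "GET /install_base.data HTTP/1.1" 200 512',
    f'198.51.100.9 - - {T} "GET //install_base.data?x=1 HTTP/1.1" 403 0',
    f'203.0.113.7 - - {T} "GET /index.html HTTP/1.1" 200 1024',
    f'198.51.100.23 - - {T} "GET /%69nstall_base.data HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for src, verdict in findings(SAMPLE):
        print(f"{src}\t{verdict}")
```

Any "exposed" result means the endpoint answered a source outside the management networks and the blocking rule needs attention.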
