D-Link DI-7003GV2 Information Disclosure Vulnerability

An information disclosure vulnerability has been identified in the D-Link DI-7003GV2 router, specifically in firmware version 24.04.18D1 R(68125). The issue arises in an unknown functionality of the file '/login.data', allowing remote attackers to access sensitive device information without authentication. This includes details such as the device model, firmware version, and various configuration settings like the status of mini programs and logo preferences.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive device information, which could be used for further attacks or to exploit other vulnerabilities.

Reproduction

The vulnerability can be reproduced by sending a GET request to the '/login.data' endpoint. This request can be made using a web browser or a tool like curl, without the need for authentication. The response will include the sensitive information that is being disclosed by the vulnerability.