D-Link DI-7003GV2 Improper Authentication Vulnerability
Vulnerability
A critical authentication bypass vulnerability has been identified in the D-Link DI-7003GV2 router, specifically in the firmware version 24.04.18D1 R(68125). The issue resides in the '/H5/netconfig.asp' file, within the 'sub_497DE4' function. This vulnerability allows remote attackers to modify the device's LAN IP address without authentication, potentially leading to loss of access or network disruption.
Impact
Exploitation of this vulnerability allows for unauthorized modification of the device's LAN IP address, which could disrupt network connectivity or access to the device.
Reproduction
The vulnerability can be reproduced by sending a request to the '/H5/netconfig.asp' interface without authentication. This can be done by exploiting the authentication bypass to access the netconfig page and make unauthorized changes to the LAN IP address.
Remediation
It is recommended to implement firewall rules to block unauthorized access to the vulnerable interface.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.