D-Link DSR Series Routers Local File Inclusion Vulnerability

Vulnerability

A Local File Inclusion (LFI) vulnerability has been identified in D-Link DSR series routers, specifically in the DSR-150, DSR-150N, and DSR-250N models running firmware version 1.09B32_WW. This vulnerability allows unauthenticated remote attackers to access sensitive configuration files in clear text. The exposed files include administrative credentials, VPN settings, and other critical information, potentially granting full administrative access to the router.

Impact

Exploitation of this vulnerability allows unauthorized access to sensitive router configuration files, including administrative credentials and VPN settings. Because the administrative credentials are among the data exposed, this disclosure can lead to unauthorized administrative access to the affected router.

Reproduction

To reproduce this vulnerability, send an HTTP POST request to the '/scgi-bin/platform.cgi' endpoint. Include a payload in the 'thispage' field that traverses directories (using '../') to access sensitive files, such as '/etc/passwd' or the router's configuration file located at '/tmp/teamf1.cfg.ascii'. The response will contain the requested file in clear text, exposing sensitive information such as administrative credentials and device configuration.
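As an added detection example (not code from this advisory or from D-Link), the following Python flags requests that match the pattern described above. It assumes HTTP requests to the router's web interface have been captured as (method, path, body) records by a reverse proxy, IDS or packet capture; the sample records are constructed, and the severity labels are an assumption for illustration.

```python
from typing import Iterable, Iterator, Optional, Tuple
from urllib.parse import parse_qs, unquote

# Values named in the advisory above.
VULN_ENDPOINT = "/scgi-bin/platform.cgi"
VULN_PARAM = "thispage"
SENSITIVE_FILES = ("/etc/passwd", "/tmp/teamf1.cfg.ascii")

def normalize(value: str) -> str:
    """Percent-decode until stable so an encoded '../' is still recognised."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value

def classify_request(method: str, path: str, body: str) -> Optional[str]:
    """Return 'high', 'medium' or None for one captured request."""
    # The advisory describes a POST; drop the method check to also flag GET probes.
    if method.upper() != "POST" or path.split("?", 1)[0] != VULN_ENDPOINT:
        return None
    fields = parse_qs(body, keep_blank_values=True)
    for raw in fields.get(VULN_PARAM, []):
        value = normalize(raw)
        if any(name in value for name in SENSITIVE_FILES):
            return "high"    # a file the advisory reports as exposed
        if "../" in value or "..\\" in value:
            return "medium"  # traversal attempt against some other path
    return None

def scan(records: Iterable[Tuple[str, str, str]]) -> Iterator[Tuple[str, str]]:
    """Yield (label, body) for every (method, path, body) record that is flagged."""
    for method, path, body in records:
        label = classify_request(method, path, body)
        if label:
            yield label, body

# Constructed sample records: a normal login, an encoded traversal to
# /etc/passwd, a read of the config file, and a traversal to an unlisted path.
SAMPLE_RECORDS = [
    ("POST", VULN_ENDPOINT, "thispage=index.htm&button.login=Login"),
    ("POST", VULN_ENDPOINT, "thispage=..%2F..%2F..%2Fetc%2Fpasswd"),
    ("POST", VULN_ENDPOINT, "thispage=../../../tmp/teamf1.cfg.ascii"),
    ("POST", VULN_ENDPOINT, "thispage=../../../tmp/constructed-other.txt"),
]

if __name__ == "__main__":
    for label, body in scan(SAMPLE_RECORDS):
        print(f"{label}: {body}")
```

A "high" hit on a device running the affected firmware should be treated as a likely credential disclosure, so rotating the administrator password and VPN secrets after patching is the practical follow-up.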

Added: Oct 21, 2025, 3:18 PM
Updated: Oct 21, 2025, 10:26 PM

Vulnerability Rating

Custom Algorithm

Metric          Score
spread            5.2
impact            2.5
exploitability    9.7
remediation       0.0
relevance         0.8
threat            6.4
urgency           2.9
incentive        10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.