D-Link DIR-605L and DIR-619L Information Disclosure Vulnerability in Wifi Setting Handler

An information disclosure vulnerability has been identified in the D-Link DIR-605L and DIR-619L routers, specifically in the 2.06B01 and 2.13B01 firmware versions. This vulnerability arises from improper access control and incorrect privilege assignment, allowing attackers to access sensitive wireless security information, such as WEP and WPA keys, without authentication. The exploitation of this vulnerability could lead to unauthorized access to the wireless network and compromise connected devices.

Impact

Exploitation of this vulnerability allows for unauthorized access to wireless network security keys, enabling attackers to bypass wireless security measures and gain access to the network. This could result in unauthorized access to devices connected to the network.

Reproduction

The vulnerability can be reproduced by accessing the 'wifisc_ap_get_wpa_settings.asp' and 'get_auto_wepkey.asp' pages without authentication. This can be done remotely, taking advantage of the improper access control in the router's firmware.

Remediation

Users are advised to apply restrictive firewall measures to protect against this vulnerability.