Improper access control in D-link Firmware DIR-601
31 March, 2020
CWE-284: Improper Access Control
D-Link introduces the Wireless N 150 Home Router (DIR-601), which delivers high performance end-to-end wireless connectivity based on Wireless N technology. The DIR-601 provides better wireless coverage and improved speeds over previous-generation Wireless G*. Upgrading your home network to Wireless N 150 provides an excellent solution for experiencing better wireless performance while sharing a broadband Internet connection with multiple computers over a secure wireless network.
Vulnerable Firmware Versions
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor
Steps to reproduce:
As part of the exploitation, the attacker (user account) can change the admin’s “password”, and similarly other settings, configurations available.
Discovered by ACE Team – Loginsoft