Share
## https://sploitus.com/exploit?id=6F528697-8313-5F92-9BBA-FE5FC4CAA4C1
# CVE-2023-33781

## Description
D-Link DIR-842V2 v1.0.3 was discovered to allow a user to run an arbitrary binary when connecting to telnet. This vulnerability can be triggered using backup/restore functionality.

## Proof of concept
![Proof Of Concept](./images/execute_exploit.png)

## Timeline
* Dec 09, 2022 - Contact vendor
* Dec 09, 2022 - Received response from vendor
* Dec 10, 2022 - Sent vulnerability report to vendor
* Feb 09, 2023 - Requested a status update from vendor
* Mar 29, 2023 - Requested a status update from vendor
* Mar 29, 2023 - Received a status update
* Mar 31, 2023 - Received a potentially fixed firmware from vendor
* Apr 03, 2023 - Reported to vendor that the new firmware fixes the vulnerability
* Apr 06, 2023 - Received response from vendor
* May 25, 2023 - Assigned CVE
* Jun 03, 2023 - Published exploit