JOIN BREACHFORUMS TELEGRAM
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router Remote Command Execution POC
by Loki - Friday July 26, 2024 at 07:50 PM
The God of Stories
Member
Posts: 2,886
Threads: 65
Joined: Jun 2024
Reputation: 1,788

Active
#1
Jul 26, 2024, 07:50 PM
In this firmware version, the web server is not properly handling the
ntp_zone_val
field in the CGI request for
/goform/set_ntp
. This allows an attacker to craft a malicious
ntp_zone_val
field and send a malicious HTTP request to the
/goform/set_ntp
CGI, leading to command execution with administrator privileges on the firmware file system.
Hidden Content
You must register or login to view this content.
Omnicer
Reply
Breached
Member
Posts: 51
Threads: 1
Joined: Jul 2024
Reputation: 0
#2
Jul 26, 2024, 09:08 PM
Keyword the query search in shodan ?
Reply
Advanced User

Posts: 56
Threads: 2
Joined: Aug 2023
Reputation: -1
#3
Jul 30, 2024, 03:32 PM
but why ntp_zone_val
Reply
The God of Stories
Member
Posts: 2,886
Threads: 65
Joined: Jun 2024
Reputation: 1,788

Active
#4
Jul 30, 2024, 05:09 PM
(Jul 30, 2024, 03:32 PM)ghostess256 Wrote: but why ntp_zone_val

This might help.

https://github.com/Swind1er/Video/raw/main/set_ntp.mp4
Reply
VIP User
VIP
Posts: 3
Threads: 0
Joined: Aug 2024
Reputation: 10
#5
Aug 10, 2024, 11:55 PM
thanks buddy , , , , , , , ,
Reply
Breached
Member
Posts: 16
Threads: 0
Joined: Jul 2024
Reputation: 0
#6
Aug 12, 2024, 01:39 AM
(Jul 26, 2024, 07:50 PM)Lokie Wrote:
In this firmware version, the web server is not properly handling the
ntp_zone_val
field in the CGI request for
/goform/set_ntp
. This allows an attacker to craft a malicious
ntp_zone_val
field and send a malicious HTTP request to the
/goform/set_ntp
CGI, leading to command execution with administrator privileges on the firmware file system.
Omnicer

Good luck my fried
Reply
Breached
Member
Posts: 5
Threads: 0
Joined: Aug 2024
Reputation: 0
#7
Aug 22, 2024, 12:09 PM
thanks you so much
Reply
Breached
Member
Posts: 3
Threads: 0
Joined: Aug 2024
Reputation: 0
#8
Aug 29, 2024, 02:42 PM
thanks you so much
Reply
Banned

Posts: 39
Threads: 0
Joined: Jan 2025
Reputation: 0
#9
Feb 18, 2025, 04:09 PM
Checking it out.I hope he lives to work.

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.
Reply
Banned

Posts: 28
Threads: 1
Joined: Nov 2024
Reputation: 0
#10
Feb 21, 2025, 02:07 PM
Thank you father. I love you breachforums cmmunity.

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  New Zer0 Day Wordpress A3g00n 82 3,711 Yesterday, 01:14 PM
Last Post: wker
  {SECRET} DATABASE OF EXPLOITS lulagain 440 27,742 May 07, 2026, 09:44 PM
Last Post: caribou
  Dokan Pro Unauthenticated SQL Injection POC | CVSS 10 Loki 44 4,075 May 07, 2026, 04:45 PM
Last Post: Insulina
  [POC] Google OAuth "MultiLogin" endpoint 0-day Farfallaiero 108 14,152 May 06, 2026, 05:42 PM
Last Post: nobcoderfck
  Ban Any Discord Exploit phineasfisherman 7 549 May 06, 2026, 10:16 AM
Last Post: sniperx86

Forum Jump:


 Users browsing this forum: 1 Guest(s)