A remote vulnerability was discovered on D-Link DIR-600M Wireless N 150 Home Router in multiple respective firmware versions. The vulnerability provides unauthenticated remote access to the router's WAN configuration page i.e. "wan.htm", which leads to disclosure of sensitive user information including but not limited to PPPoE, DNS configuration etc, also allowing to change the configuration settings as well. A metasploit script exploits the same vulnerability: https://github.com/d0x0/D-Link-DIR-600M/blob/master/dlink-cve-2019-13101.rb A Nmap nse script to exploit the vulnerability : https://github.com/d0x0/D-Link-DIR-600M/blob/master/dlink-cve-2019-13101.nse Regards: Devendra Singh Solanki https://twitter.com/_d0x0_ https://github.com/d0x0
