关联漏洞
介绍
# CVE-2025-22968
D-Link DWR-M972V Software Version 1.05SSG Unauthenticated Access Vulnerability
## Description
Unauthenticated access in the default configuration of the D-Link DWR-M972V (Software Version 1.05SSG) allows an anonymous attacker to access the router and upload malicious backdoor scripts via public access.
## Vulnerability Type
Improper Authentication
## Vendor of Product
D-Link
## Affected Product Code Base
D-Link DWR-M972V Software Version 1.05SSG
## Affected Component
RouterOS on the router
## Attack Type
Remote
## Impact Code execution
True
## Impact Information Disclosure
True
## Attack Vectors
To exploit the vulnerability, the anonymous attacker could exploit.
## Discoverer
Chanon Temkamolsin, Weelapat Umarsa
## Proof of Concept
The tester navigates to the settings web GUI and performs a factory reset of the router before testing.


The tester connected the LAN cable from their device to the router and used "nmap" to scan the router's open ports. The scan revealed that the router had the following ports open: "22-SSH", "23-Telnet", and "443-HTTP".

The tester attempted to access the router via SSH and was able to log in as the `root` user without a password.

The tester attempted the same method on the WAN port and found that it allowed access to the router in the same way as the Local LAN port.



Additionally, the tester attempted to set a password for router authentication but discovered that it was not possible to configure a password for authentication on the router.
文件快照
[4.0K] /data/pocs/05815b634afb31841ce3af046b23d7f1aedca038
├── [4.0K] images
│ ├── [2.0M] img-1.png
│ ├── [1.8M] img-2.png
│ ├── [430K] img-3.png
│ ├── [1.5M] img-4.png
│ ├── [1.9M] img-5.png
│ ├── [425K] img-6.png
│ └── [1.7M] img-7.png
└── [1.7K] README.md
1 directory, 8 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。