CVE-2024-33113

MEDIUM NUCLEI

D-LINK DIR-845L <=1.01KRb03 - Information Disclosure via bsc_sms_inbox.php

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-33113. PoCs published by FaLLenSKiLL1, tekua. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository provides a functional PoC for CVE-2024-33113, an information disclosure vulnerability in D-LINK DIR-845L routers. The exploit leverages improper handling of the include() function in bsc_sms_inbox.php to retrieve sensitive information via a crafted HTTP request to getcfg.php.

Description

D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.

Exploits (2)

nomisec WORKING POC 3 stars

by FaLLenSKiLL1 · poc

https://github.com/FaLLenSKiLL1/CVE-2024-33113

View Code ZIP pw:eip

The repository provides a functional PoC for CVE-2024-33113, an information disclosure vulnerability in D-LINK DIR-845L routers. The exploit leverages improper handling of the include() function in bsc_sms_inbox.php to retrieve sensitive information via a crafted HTTP request to getcfg.php.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: D-LINK DIR-845L

No auth needed

Prerequisites: Network access to the vulnerable router

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 19, 2026 Full analysis →

nomisec WRITEUP

by tekua · poc

https://github.com/tekua/CVE-2024-33113

View Code ZIP pw:eip

The repository describes an information disclosure vulnerability in D-LINK DIR-845L routers via improper handling of the include() function in bsc_sms_inbox.php, allowing arbitrary PHP script inclusion. The README provides technical details about the root cause and potential impact but lacks functional exploit code.

Classification

Writeup 80%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: D-LINK DIR-845L router

No auth needed

Prerequisites: Network access to the vulnerable router · Knowledge of the vulnerable endpoint (bsc_sms_inbox.php)

MITRE ATT&CK

T1083 - File and Directory Discovery T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure

MEDIUMVERIFIEDby pussycat0x

Shodan: DIR-845L

References (1)

Core 1

Core References

Broken Link

https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md

Scores

CVSS v3 5.3

EPSS 0.0342

EPSS Percentile 87.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-77

Status published

Products (1)

dlink/dir-845l_firmware < 1.01krb03

Published May 06, 2024

Tracked Since Feb 18, 2026