The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
Proof of Concept (POC):
Issues: The telnet hardcoded default credentials are the vulnerable elements in the firmware of DIR-868L.
Step 1: Extract the firmware
Step 2: Run the command cat etc/init0.d/S80telnetd.sh to get the username and the location of the variable used for storing the password.
Figure 1: Clear text username as shown in screenshots
Step 3: Run the command cat etc/config/image_sign to get the password
Figure 2: Clear text password as shown in screenshots
Impact
A successful exploit could allow the attacker to gain access to the firmware and to extract sensitive data.