Exploiting Router Authentication through Web Interface


Routers such as D-Link, Linksys etc. have a web interface that uses CGI scripts. On these routers we can easily access and change the configuration, bypassing authentication. CGI is one method by which a web server can obtain data from (or send data to) databases, documents, and other programs, and present that data to viewers via the web.

This vulnerability is powerful because anyone can change the router configuration, such as changing passwords or resetting the router, through any web browser, independent of the operating system. First we need the router's IP address, which is usually the IPv4 default gateway. We can find it with the ipconfig /all command from cmd, or by checking the details of the connected network adapter in the Network and Sharing Center.

Most common default router IPs are, etc. Suppose the router IP is, we change the URL format of any web page so that it ends with .cgi.

I.e., we change


Watch this video demonstration for more details. This video shows mainly:

  1. Accessing router configuration without username and password
  2. Finding usernames and passwords which are hidden in router



Watch video: https://youtu.be/8GZg1IuSfCs
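
A minimal model of the flaw described above, added here as an example and not taken from the original post or from any vendor's firmware. It assumes the login check is tied to the page's URL suffix while the .cgi route is served by a separate code path, and contrasts that with a default-deny dispatcher; all page names and functions are hypothetical.

```python
# Added illustration: a toy request dispatcher, not real router firmware.
# Page names, handlers and the session flag are constructed for the example.

PAGES = {"status", "wireless", "password"}   # hypothetical config pages
PROTECTED_SUFFIXES = (".htm", ".html")        # what the weak filter looks at


def render(page):
    return 200, f"<config page: {page}>"


def weak_dispatch(path, authenticated):
    """Assumed flaw: auth is keyed on the URL suffix, so .cgi is never checked."""
    name, _, _ext = path.lstrip("/").rpartition(".")
    if name not in PAGES:
        return 404, "not found"
    if path.endswith(PROTECTED_SUFFIXES) and not authenticated:
        return 401, "login required"
    return render(name)   # any other suffix falls through without a session


def hardened_dispatch(path, authenticated):
    """Default deny: the session check runs before any routing decision."""
    if not authenticated:
        return 401, "login required"
    name, _, ext = path.lstrip("/").rpartition(".")
    if name not in PAGES or ext not in ("htm", "html", "cgi"):
        return 404, "not found"
    return render(name)


def audit(dispatch, paths):
    """Return the paths that serve content to an unauthenticated client."""
    return [p for p in paths if dispatch(p, authenticated=False)[0] == 200]


if __name__ == "__main__":
    probes = [f"/{p}.{e}" for p in sorted(PAGES) for e in ("htm", "cgi")]
    print("weak:    ", audit(weak_dispatch, probes))
    print("hardened:", audit(hardened_dispatch, probes))
```

The hardened version answers 401 before it decides whether a page exists, so an unauthenticated client learns nothing about which handlers are present.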

Some other pages we can directly access like this are:




August 26, 2015 at 11:58 pm

It is saying 404 not found for all the above commands


    September 5, 2015 at 8:59 pm

    That means your router is secured or uses different technology such as PHP, ASP etc.


      December 11, 2015 at 2:11 pm

      Do you have anything like this about Act Fibernet routers?


        December 14, 2015 at 10:56 am

        I have replied under the video where you commented


September 29, 2015 at 4:01 pm

Hello! I’m at work surfing around your blog from my new iPhone 3GS!
Just wanted to say I love reading through your blog and look forward to all your posts!
Carry on the excellent work!

Loree Weisiger

July 11, 2016 at 7:43 am

Thanks, great post.
