| Title | D-Link Corporation D-Link DAR-7000-20-V3.2 DAR-7000-20-V3.2 Command Injection |
|---|
| Description | The D-Link DAR-7000 Internet Behavior Auditing Gateway is an Internet behavior management and auditing product. The DAR-7000-20-V3.2 version of this device contains a command execution vulnerability, allowing an attacker to gain server-level privileges.
The vulnerability occurs in the get_ip_addr_details function within the /view/vpn/sxh_vpn/sxh_vpnlic.php file. The $ethname parameter is passed directly into the $info variable and executed via the exec function, leading to a command execution vulnerability.
Here is the relevant code snippet:
$info = get_ip_addr_details($ethname);
exec($info);
Further down the code, it checks if the vdomain parameter is present in the POST request. If it is, it calls the vulnerable get_ip_addr_details function, where the indevice parameter is passed via POST and is user-controllable.
Code Analysis
In the code, the $ethname parameter is passed directly into the exec function without proper sanitization or validation, allowing attackers to inject arbitrary commands. By crafting a malicious POST request, attackers can exploit this vulnerability to execute arbitrary system commands. |
|---|
| Source | ⚠️ https://github.com/sjwszt/CVE/blob/main/CVE_1.md |
|---|
| User | Calmc1 (UID 81647) |
|---|
| Submission | 02/18/2025 10:48 AM (3 months ago) |
|---|
| Moderation | 02/28/2025 09:09 PM (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 298030 [D-Link DAR-7000 3.2 HTTP POST Request sxh_vpnlic.php get_ip_addr_details ethname command injection] |
|---|
| Points | 20 |
|---|