| عنوان | Dlink DIR-615 v4.10 OS Command Injection |
|---|
| الوصف | A **stored command injection vulnerability** exists in the URL Filtering configuration logic of the D-Link **DIR-615 (Rev D)** firmware.
The firmware fails to properly sanitize user input in the "URL" field when creating a new URL blocking rule. By injecting shell metacharacters into this field, an authenticated attacker can execute arbitrary system commands with **root privileges**.
The malicious command is first stored in a temporary session node, then committed to the device's configuration (NVRAM/RGDB), and finally executed when the firewall rules are regenerated. |
|---|
| المصدر | ⚠️ https://pentagonal-time-3a7.notion.site/D-Link-DIR-615-2e7e5dd4c5a580109a14fdeb6f105cd6 |
|---|
| المستخدم | Anonymous User |
|---|
| ارسال | 13/01/2026 04:02 PM (5 أشهر منذ) |
|---|
| الاعتدال | 27/01/2026 09:08 PM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 343117 [D-Link DIR-615 4.10 URL Filter /set_temp_nodes.php تجاوز الصلاحيات] |
|---|
| النقاط | 17 |
|---|