| عنوان | Dlink DIR-615 v4.10 OS Command Injection |
|---|
| الوصف | A **command injection vulnerability** exists in the MAC Filter configuration logic of the D-Link **DIR-615** firmware.
The firmware fails to properly sanitize the MAC address input provided by the user. When applying the MAC filter settings, the backend PHP script constructs a shell command to update firewall rules (`iptables`). By injecting shell metacharacters into the MAC address field, an authenticated attacker can execute arbitrary system commands with **root privileges**. |
|---|
| المصدر | ⚠️ https://pentagonal-time-3a7.notion.site/DIR-615-MAC_FILTER-2e7e5dd4c5a58091b027f50271cc7c6a |
|---|
| المستخدم | Anonymous User |
|---|
| ارسال | 13/01/2026 04:53 PM (5 أشهر منذ) |
|---|
| الاعتدال | 27/01/2026 09:08 PM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 343118 [D-Link DIR-615 4.10 MAC Filter Configuration /adv_mac_filter.php mac تجاوز الصلاحيات] |
|---|
| النقاط | 17 |
|---|