| Title | D-Link DI-7100G C1: 2020/02/21, 24.04.18D1: 2024/04/18 Command Injection |
|---|---|
| Description | A command injection vulnerability exists in D-Link DI-7100G routers running firmware versions C1 and 24.04.18D1. The vulnerability is located in the start_proxy_client_email function within the rc file. The program constructs system commands using snprintf() and executes them via jhl_system(). When processing NVRAM configuration items such as ac_mng_srv_host, the input is not properly validated or sanitized and is directly concatenated into the command string. An attacker who can modify the relevant configuration fields and inject malicious content may execute arbitrary commands when the device starts or when the related function is triggered, potentially leading to full device compromise. |
| Source | https://github.com/glkfc/IoT-Vulnerability/blob/main/D-Link/Dlink_3.md |
| User | jfkk (UID 79868) |
| Submission | 31/01/2026 03:41 PM (3 months ago) |
| Moderation | 07/02/2026 06:33 PM (7 days later) |
| Status | Accepted |
| VulDB Entry | 344897 [D-Link DI-7100G C1 24.04.18D1 start_proxy_client_email privilege escalation] |
| Points | 20 |