| عنوان | D-Link DIR-513 1.10 RCE |
|---|
| الوصف | The web service of the DIR-513 device contains a security flaw when processing system commands. When the program receives a POST request to a specific endpoint (e.g., `/goform/formSysCmd`), it triggers the `formSysCmd` function. This function extracts the value of the `sysCmd` parameter from the request body using `websGetVar(a1, "sysCmd", ...)`. Without any sanitization or validation, this user-controlled input is passed directly into an `snprintf` function to construct a shell command string. The formatted string is then executed directly by the `system()` function. Due to the lack of input validation, an attacker can inject shell metacharacters (such as `;` or `&`) to execute arbitrary malicious commands (e.g., opening a telnet backdoor) on the underlying operating system with the privileges of the web service. |
|---|
| المصدر | ⚠️ https://github.com/InfiniteLin/Lin-s-CVEdb/blob/main/DIR-513/formSysCmd.pdf |
|---|
| المستخدم | AttackingLin (UID 88138) |
|---|
| ارسال | 05/03/2026 01:42 PM (3 أشهر منذ) |
|---|
| الاعتدال | 19/03/2026 09:29 PM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 351755 [D-Link DIR-513 1.10 /goform/formSysCmd sysCmd تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|