| Titel | Dlink DIR-615 v4.10 OS Command Injection |
|---|
| Beschreibung | A **command injection vulnerability** exists in the MAC Filter configuration logic of the D-Link **DIR-615** firmware.
The firmware fails to properly sanitize the MAC address input provided by the user. When applying the MAC filter settings, the backend PHP script constructs a shell command to update firewall rules (`iptables`). By injecting shell metacharacters into the MAC address field, an authenticated attacker can execute arbitrary system commands with **root privileges**. |
|---|
| Quelle | ⚠️ https://pentagonal-time-3a7.notion.site/DIR-615-MAC_FILTER-2e7e5dd4c5a58091b027f50271cc7c6a |
|---|
| Benutzer | Anonymous User |
|---|
| Einreichung | 13.01.2026 16:53 (vor 5 Monaten) |
|---|
| Moderieren | 27.01.2026 21:08 (14 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 343118 [D-Link DIR-615 4.10 MAC Filter Configuration /adv_mac_filter.php mac erweiterte Rechte] |
|---|
| Punkte | 17 |
|---|