| Título | D-Link Corporation D-Link DAR-7000-20-V3.2 DAR-7000-20-V3.2 Command Injection |
|---|
| Descripción | The D-Link DAR-7000 Internet Behavior Auditing Gateway is an Internet behavior management and auditing product. The DAR-7000-20-V3.2 version of this device contains a command execution vulnerability, allowing an attacker to gain server-level privileges.
The vulnerability occurs in the get_ip_addr_details function within the /view/vpn/sxh_vpn/sxh_vpnlic.php file. The $ethname parameter is passed directly into the $info variable and executed via the exec function, leading to a command execution vulnerability.
Here is the relevant code snippet:
$info = get_ip_addr_details($ethname);
exec($info);
Further down the code, it checks if the vdomain parameter is present in the POST request. If it is, it calls the vulnerable get_ip_addr_details function, where the indevice parameter is passed via POST and is user-controllable.
Code Analysis
In the code, the $ethname parameter is passed directly into the exec function without proper sanitization or validation, allowing attackers to inject arbitrary commands. By crafting a malicious POST request, attackers can exploit this vulnerability to execute arbitrary system commands. |
|---|
| Fuente | ⚠️ https://github.com/sjwszt/CVE/blob/main/CVE_1.md |
|---|
| Usuario | Calmc1 (UID 81647) |
|---|
| Sumisión | 2025-02-18 10:48 (hace 1 Año) |
|---|
| Moderación | 2025-02-28 21:09 (10 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 298030 [D-Link DAR-7000 3.2 HTTP POST Request sxh_vpnlic.php get_ip_addr_details ethname escalada de privilegios] |
|---|
| Puntos | 20 |
|---|