| Título | Dlink DIR-615 v4.10 OS Command Injection |
|---|
| Descripción | A **command injection vulnerability** exists in the MAC Filter configuration logic of the D-Link **DIR-615** firmware.
The firmware fails to properly sanitize the MAC address input provided by the user. When applying the MAC filter settings, the backend PHP script constructs a shell command to update firewall rules (`iptables`). By injecting shell metacharacters into the MAC address field, an authenticated attacker can execute arbitrary system commands with **root privileges**. |
|---|
| Fuente | ⚠️ https://pentagonal-time-3a7.notion.site/DIR-615-MAC_FILTER-2e7e5dd4c5a58091b027f50271cc7c6a |
|---|
| Usuario | Anonymous User |
|---|
| Sumisión | 2026-01-13 16:53 (hace 5 meses) |
|---|
| Moderación | 2026-01-27 21:08 (14 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 343118 [D-Link DIR-615 4.10 MAC Filter Configuration /adv_mac_filter.php mac escalada de privilegios] |
|---|
| Puntos | 17 |
|---|