| शीर्षक | D-Link DW V1.1.47 Command Injection |
|---|
| विवरण | A command injection vulnerability exists in the D-Link DWR-M961 4G LTE router firmware within the SMS management functionality.
The vulnerability is located in the function `sub_41A488` (referenced by `sub_4250E0`), which is invoked when the `/boafrm/formSmsManage` endpoint receives a request with the parameter `action_id` set to `"delete"`.
The function retrieves the `action_value` parameter (representing SMS message IDs to delete) and uses it to construct a system command via `sprintf`:
`sprintf(v7, "at-mngr AT+CMGD=%s", i);`
The variable `i` (derived from `action_value` via `strtok`) is not sanitized. The resulting string `v7` is passed directly to `system()`. This allows an authenticated attacker to append arbitrary shell commands using a semicolon (`;`) or other shell metacharacters. |
|---|
| स्रोत | ⚠️ https://github.com/QIU-DIE/CVE/issues/51 |
|---|
| उपयोगकर्ता | hhsw34 (UID 91076) |
|---|
| सबमिशन | 16/01/2026 02:30 PM (5 महीनों पहले) |
|---|
| संयम | 29/01/2026 03:49 PM (13 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 343384 [D-Link DWR-M961 1.1.47 SMS Message /boafrm/formSmsManage sub_4250E0 action_value अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|