| Title | D-Link Corporation D-Link DAR-7000-20-V3.2 DAR-7000-20-V3.2 Command Injection |
|---|
| Description | The D-Link DAR-7000 Internet Behavior Auditing Gateway is an Internet behavior management and auditing product. The DAR-7000-20-V3.2 version of this device contains a command execution vulnerability, allowing an attacker to gain server-level privileges.
The vulnerability occurs in the get_ip_addr_details function within the /view/vpn/sxh_vpn/sxh_vpnlic.php file. The $ethname parameter is passed directly into the $info variable and executed via the exec function, leading to a command execution vulnerability.
Here is the relevant code snippet:
$info = get_ip_addr_details($ethname);
exec($info);
Further down the code, it checks if the vdomain parameter is present in the POST request. If it is, it calls the vulnerable get_ip_addr_details function, where the indevice parameter is passed via POST and is user-controllable.
Code Analysis
In the code, the $ethname parameter is passed directly into the exec function without proper sanitization or validation, allowing attackers to inject arbitrary commands. By crafting a malicious POST request, attackers can exploit this vulnerability to execute arbitrary system commands. |
|---|
| Source | ⚠️ https://github.com/sjwszt/CVE/blob/main/CVE_1.md |
|---|
| User | Calmc1 (UID 81647) |
|---|
| Submitted | 2025. 02. 18. 10:48 AM (1 year ago) |
|---|
| Moderation | 2025. 02. 28. 09:09 PM (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 298030 [D-Link DAR-7000 3.2 HTTP POST Request sxh_vpnlic.php get_ip_addr_details ethname privilege escalation] |
|---|
| Points | 20 |
|---|