| Title | D-Link DIR-852 1.00CN B09 Command Injection |
|---|---|
| Description | A remote command injection vulnerability exists in the D-Link DIR-852 router, firmware version 1.00CNB09. This vulnerability is present in the device's Simple Service Discovery Protocol (SSDP) service and can be exploited by an authenticated attacker on the same local network. The vulnerability arises because the ssdpcgi_main function fails to properly sanitize the ST (Search Target) field from incoming SSDP M-SEARCH request packets. The unsanitized input is directly concatenated into a string that is later executed by the system() function. After successful authentication, an attacker can send a specially crafted network packet with a malicious payload in the ST header (e.g., injecting the telnetd command) to achieve arbitrary command execution with root privileges, potentially leading to a complete compromise of the router. |
| Source | https://github.com/i-Corner/cve/issues/30 |
| User | iC0rner (UID 82839) |
| Submission | 2025-09-09 08:54 AM (9 months ago) |
| Moderation | 2025-09-17 02:10 PM (8 days later) |
| Status | Accepted |
| VulDB entry | 324659 [D-Link DIR-852 1.00CN B09 Simple Service Discovery Protocol Service htodcs/cgibin ssdpcgi_main ST privilege escalation] |
| Points | 20 |