| 제목 | D-Link DIR-513 1.10 RCE |
|---|
| 설명 | The web service of the DIR-513 device contains a security flaw when processing system commands. When the program receives a POST request to a specific endpoint (e.g., `/goform/formSysCmd`), it triggers the `formSysCmd` function. This function extracts the value of the `sysCmd` parameter from the request body using `websGetVar(a1, "sysCmd", ...)`. Without any sanitization or validation, this user-controlled input is passed directly into an `snprintf` function to construct a shell command string. The formatted string is then executed directly by the `system()` function. Due to the lack of input validation, an attacker can inject shell metacharacters (such as `;` or `&`) to execute arbitrary malicious commands (e.g., opening a telnet backdoor) on the underlying operating system with the privileges of the web service. |
|---|
| 원천 | ⚠️ https://github.com/InfiniteLin/Lin-s-CVEdb/blob/main/DIR-513/formSysCmd.pdf |
|---|
| 사용자 | AttackingLin (UID 88138) |
|---|
| 제출 | 2026. 03. 05. PM 01:42 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 19. PM 09:29 (14 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 351755 [D-Link DIR-513 1.10 /goform/formSysCmd sysCmd 권한 상승] |
|---|
| 포인트들 | 20 |
|---|