Submeter #737078: Dlink DIR-615 v4.10 OS Command Injectioninformação

TítuloDlink DIR-615 v4.10 OS Command Injection
DescriçãoA **command injection vulnerability** exists in the MAC Filter configuration logic of the D-Link **DIR-615** firmware. The firmware fails to properly sanitize the MAC address input provided by the user. When applying the MAC filter settings, the backend PHP script constructs a shell command to update firewall rules (`iptables`). By injecting shell metacharacters into the MAC address field, an authenticated attacker can execute arbitrary system commands with **root privileges**.
Fonte⚠️ https://pentagonal-time-3a7.notion.site/DIR-615-MAC_FILTER-2e7e5dd4c5a58091b027f50271cc7c6a
Utilizador
 Anonymous User
Submissão13/01/2026 16h53 (há 5 meses)
Moderação27/01/2026 21h08 (14 days later)
EstadoAceite
Entrada VulDB343118 [D-Link DIR-615 4.10 MAC Filter Configuration /adv_mac_filter.php mac Elevação de Privilégios]
Pontos17

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!