| Title | D-Link DIR-852 1.00CN B09 Command Injection |
|---|---|
| Description | A remote command injection vulnerability exists in the D-Link DIR-852 router, firmware version 1.00CNB09. This vulnerability is present in the device's Simple Service Discovery Protocol (SSDP) service and can be exploited by an authenticated attacker on the same local network. The vulnerability arises because the ssdpcgi_main function fails to properly sanitize the ST (Search Target) field from incoming SSDP M-SEARCH request packets. The unsanitized input is directly concatenated into a string that is later executed by the system() function. After successful authentication, an attacker can send a specially crafted network packet with a malicious payload in the ST header (e.g., injecting the telnetd command) to achieve arbitrary command execution with root privileges, potentially leading to a complete compromise of the router. |
| Source | https://github.com/i-Corner/cve/issues/30 |
| User | iC0rner (UID 82839) |
| Submission | 09.09.2025 08:54 (9 months ago) |
| Moderation | 17.09.2025 14:10 (8 days later) |
| Status | Accepted |
| VulDB entry | 324659 [D-Link DIR-852 1.00CN B09 Simple Service Discovery Protocol Service htodcs/cgibin ssdpcgi_main ST privilege escalation] |
| Points | 20 |
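
The missing check described above, sketched as an added example (not code from the D-Link firmware or from the linked report): an allow-list validator that an SSDP handler could run on the ST value before it reaches any command string. The names `st_is_valid`, `st_charset_ok`, `st_urn_ok` and the `ST_MAX_LEN` bound are hypothetical; the accepted forms are the search targets defined by the UPnP Device Architecture.

```c
#include <ctype.h>
#include <string.h>

#define ST_MAX_LEN 128  /* assumed bound, not taken from the firmware */

/* Allow only [A-Za-z0-9:._-]; this rejects ; | & ` $ quotes, spaces, CR/LF. */
static int st_charset_ok(const char *s)
{
    size_t n = 0;
    for (; s[n] != '\0'; n++) {
        unsigned char c = (unsigned char)s[n];
        if (n >= ST_MAX_LEN) return 0;
        if (!isalnum(c) && c != ':' && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return n > 0;
}

/* urn:<domain>:device|service:<type>:<version>, exactly five non-empty fields. */
static int st_urn_ok(const char *s)
{
    const char *f[5], *start = s;
    size_t len[5];
    int n = 0;
    for (const char *p = s; ; p++) {
        if (*p != ':' && *p != '\0') continue;
        if (n == 5 || p == start) return 0;      /* extra or empty field */
        f[n] = start; len[n] = (size_t)(p - start); n++;
        if (*p == '\0') break;
        start = p + 1;
    }
    if (n != 5) return 0;
    if (!(len[2] == 6 && !memcmp(f[2], "device", 6)) &&
        !(len[2] == 7 && !memcmp(f[2], "service", 7)))
        return 0;
    for (size_t i = 0; i < len[4]; i++)          /* version must be numeric */
        if (!isdigit((unsigned char)f[4][i])) return 0;
    return 1;
}

/* Returns 1 only for ST forms defined by the UPnP Device Architecture. */
int st_is_valid(const char *st)
{
    if (!st || !st_charset_ok(st)) return 0;
    if (!strcmp(st, "ssdp:all") || !strcmp(st, "upnp:rootdevice")) return 1;
    if (!strncmp(st, "uuid:", 5))
        return st[5] != '\0' && strchr(st + 5, ':') == NULL;
    if (!strncmp(st, "urn:", 4)) return st_urn_ok(st);
    return 0;
}
```

Validation narrows what reaches the handler; passing the value as a separate argv element to an `execve`-style call instead of building a string for `system()` removes the shell from the path entirely.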