| Title | D-Link DIR-860L Rev.B 2.04.B04 Command Injection |
|---|
| Description | A critical unauthenticated command injection vulnerability was discovered in the firmware of the D-Link DIR-860L router. The vulnerability exists within the device's SSDP (Simple Service Discovery Protocol) service and allows a remote attacker to execute arbitrary system commands on a target device by sending a specially crafted M-SEARCH network packet.
The root cause of the vulnerability is that the application directly takes the value of the ST (Search Target) header from an SSDP request and concatenates it into a string that is passed to the system() function, without proper validation or sanitization. An attacker can exploit this flaw by injecting shell metacharacters (such as a semicolon) into the ST header to append and execute arbitrary commands, leading to remote code execution. |
|---|
| Source | ⚠️ https://github.com/i-Corner/cve/issues/17 |
|---|
| User | iC0rner (UID 82839) |
|---|
| Submission | 08/06/2025 20:29 (10 months ago) |
|---|
| Moderation | 08/14/2025 09:15 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 320091 [D-Link DIR-860L 2.04.B04 Simple Service Discovery Protocol htdocs/cgibin ssdpcgi_main os command injection] |
|---|
| Points | 20 |
|---|