| Title | Dlink DIR-615 v4.10 OS Command Injection |
|---|
| Description | A **command injection vulnerability** exists in the MAC Filter configuration logic of the D-Link **DIR-615** firmware.
The firmware fails to properly sanitize the MAC address input provided by the user. When applying the MAC filter settings, the backend PHP script constructs a shell command to update firewall rules (`iptables`). By injecting shell metacharacters into the MAC address field, an authenticated attacker can execute arbitrary system commands with **root privileges**. |
|---|
| Source | ⚠️ https://pentagonal-time-3a7.notion.site/DIR-615-MAC_FILTER-2e7e5dd4c5a58091b027f50271cc7c6a |
|---|
| User | Anonymous User |
|---|
| Submission | 01/13/2026 16:53 (5 months ago) |
|---|
| Moderation | 01/27/2026 21:08 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 343118 [D-Link DIR-615 4.10 MAC Filter Configuration /adv_mac_filter.php mac os command injection] |
|---|
| Points | 17 |
|---|