| Title | D-Link DIR-513 1.10 RCE |
|---|
| Description | The web service of the DIR-513 device contains a security flaw when processing system commands. When the program receives a POST request to a specific endpoint (e.g., `/goform/formSysCmd`), it triggers the `formSysCmd` function. This function extracts the value of the `sysCmd` parameter from the request body using `websGetVar(a1, "sysCmd", ...)`. Without any sanitization or validation, this user-controlled input is passed directly into an `snprintf` function to construct a shell command string. The formatted string is then executed directly by the `system()` function. Due to the lack of input validation, an attacker can inject shell metacharacters (such as `;` or `&`) to execute arbitrary malicious commands (e.g., opening a telnet backdoor) on the underlying operating system with the privileges of the web service. |
|---|
| Source | ⚠️ https://github.com/InfiniteLin/Lin-s-CVEdb/blob/main/DIR-513/formSysCmd.pdf |
|---|
| User | AttackingLin (UID 88138) |
|---|
| Submission | 03/05/2026 13:42 (3 months ago) |
|---|
| Moderation | 03/19/2026 21:29 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 351755 [D-Link DIR-513 1.10 /goform/formSysCmd sysCmd os command injection] |
|---|
| Points | 20 |
|---|