| tiêu đề | Dlink D-Link DIR‑818L Firmware versions ≤ v1.05B01 Remote Arbitrary Command Execution |
|---|
| Mô tả | The D-Link DIR‑818L is a wireless router developed by D-Link, primarily targeted at home and small office users.
A command injection vulnerability exists in the ssdpCgi component of the D-Link DIR‑818L router. The vulnerable program uses the getenv function to retrieve environment variables. An attacker can craft a malicious request that injects arbitrary commands into the parameters passed to the lxmldbc_system function. These commands are eventually executed via the system call, leading to remote command execution and potential full device compromise, such as establishing a reverse shell.
The program retrieves environment variables using getenv without adequately sanitizing special characters that can lead to command execution (e.g., semicolons ;, pipe symbols |, etc.). This insufficient filtering allows attackers to inject strings like ssdp:all+<malicious_command> into the input. The injected string is then passed into the lxmldbc_system function, which uses sprintf to construct the final command and executes it using system. As a result, the vulnerability enables remote attackers to exploit this flaw to execute arbitrary shell commands on the device, potentially gaining unauthorized access and control. |
|---|
| Nguồn | ⚠️ https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91818L.md |
|---|
| Người dùng | LonTan0 (UID 84934) |
|---|
| Đệ trình | 03/08/2025 13:39 (cách đây 9 các tháng) |
|---|
| Kiểm duyệt | 13/08/2025 16:09 (10 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 319925 [D-Link DIR‑818L đến 1.05B01 ssdpcgi /htdocs/cgibin getenv nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|