| Title | D-Link DI-7100G C1, 24.04.18D1 Command Injection |
|---|
| Description | A command injection vulnerability exists in D-Link DI-7100G routers running firmware versions C1 (updated on 2020/02/21) and 24.04.18D1 (updated on 2024/04/18). The vulnerability is located in the set_jhttpd_info function. The program builds a shell command with sprintf(v24, "echo \"%s = %s\" > /etc/smbusers", "smbguest", def); and then executes it with system(v24);.
Within this function, the value of the usb_username configuration item is retrieved with jhl_nv_get_def("usb_username") and inserted into the echo command without any sanitization or escaping. The value lands inside a double-quoted shell word, and double quotes do not prevent command substitution, so a payload such as $(mkdir /aaa)login is expanded by the shell when system() runs the string. If an attacker can modify the usb_username field in the configuration file to include such a payload, the injected commands are executed when the device boots or whenever the vulnerable function is triggered, resulting in arbitrary command execution and full device compromise. |
|---|
| Source | https://github.com/glkfc/IoT-Vulnerability/blob/main/D-Link/Dlink_4.md |
|---|
| User | jfkk (UID 79868) |
|---|
| Submitted | 31/01/2026 15:39 (3 months ago) |
|---|
| Moderated | 07/02/2026 18:33 (7 days later) |
|---|
| Status | accepted |
|---|
| VulDB Entry | 344896 [D-Link DI-7100G C1 24.04.18D1 set_jhttpd_info usb_username privilege escalation] |
|---|
| Points | 20 |
|---|
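The sprintf()/system() pattern described above, as an added example that is not firmware code from the page, from D-Link, or from the linked report: a stand-in for the vulnerable command construction next to a hardened variant that never hands the username to a shell. The real jhl_nv_get_def() is not available here, so the username is passed in directly; the function names build_smbusers_cmd, is_safe_username, format_smbusers_line and write_smbusers are assumptions for this example, and the sample values are constructed.

```c
/* Added example, not D-Link code. Reproduces the reported command-injection
 * shape from set_jhttpd_info and shows a shell-free replacement. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Vulnerable pattern, mirroring the reported
 *   sprintf(v24, "echo \"%s = %s\" > /etc/smbusers", "smbguest", def);
 * The username is dropped into a double-quoted shell word. Double quotes do
 * NOT suppress $(...) or backtick substitution, so a value such as
 * "$(mkdir /aaa)login" runs mkdir when the string reaches system().
 * snprintf is used only so this demo cannot overflow; the injection is the
 * same. Returns the length the full command would need. */
int build_smbusers_cmd(char *out, size_t outsz, const char *username)
{
    return snprintf(out, outsz, "echo \"%s = %s\" > /etc/smbusers",
                    "smbguest", username);
}

/* Allowlist check (assumed policy): a name for this purpose only needs
 * letters, digits, '_', '-' and '.', non-empty and bounded in length.
 * Anything the shell or the smbusers format could interpret ($ ` " ' ; |
 * & newline, '=' and so on) is rejected outright rather than escaped. */
int is_safe_username(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 32)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '_' || c == '-' || c == '.'))
            return 0;
    }
    return 1;
}

/* Hardened replacement: validate, then format the smbusers line into a
 * buffer. No shell is involved, so there is nothing to inject into.
 * Returns 0 on success, -1 if the name is rejected or does not fit. */
int format_smbusers_line(char *out, size_t outsz, const char *username)
{
    if (!is_safe_username(username))
        return -1;
    int n = snprintf(out, outsz, "%s = %s\n", "smbguest", username);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

/* Write the validated line with stdio instead of `echo ... > file` through
 * system(). Returns 0 on success, -1 on rejection or I/O failure. */
int write_smbusers(const char *path, const char *username)
{
    char line[128];
    if (format_smbusers_line(line, sizeof line, username) != 0)
        return -1;
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    int rc = (fputs(line, f) == EOF) ? -1 : 0;
    if (fclose(f) != 0)
        rc = -1;
    return rc;
}

int main(void)
{
    /* Constructed sample values: a benign name and the payload shape from
     * the advisory. The command is only printed, never passed to system(). */
    const char *names[] = { "login", "$(mkdir /aaa)login" };
    char cmd[256], line[128];
    for (size_t i = 0; i < 2; i++) {
        build_smbusers_cmd(cmd, sizeof cmd, names[i]);
        printf("command system() would run: %s\n", cmd);
        if (format_smbusers_line(line, sizeof line, names[i]) == 0)
            printf("hardened path accepts: %s", line);
        else
            printf("hardened path rejects: %s\n", names[i]);
    }
    return 0;
}
```

The fix is not "quote it better": escaping for sh is easy to get wrong, and the smbusers file format has its own separators ('=' and newline) that a username must not contain either. Rejecting anything outside a small allowlist and writing the file with stdio removes both the shell and the formatting ambiguity at once.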