| tiêu đề | D-Link DIR-882 1.01B02 OS Command Injection |
|---|
| Mô tả | A command injection vulnerability was identified in D-Link DIR-882 Rev. A1 firmware v1.01B02. The HNAP1 SetNetworkSettings handler passes the user-supplied IPAddress parameter unsanitized into sprintf() and then system() in prog.cgi at offset 0x43511C. The only validation performed is a minimum string length check (>=7 characters). An authenticated attacker can inject arbitrary OS commands via shell metacharacters in the IPAddress field, achieving remote code execution as root. Exploitation was verified in QEMU emulation with GDB breakpoints confirming the injected payload reaching system(). |
|---|
| Nguồn | ⚠️ https://files.catbox.moe/ei31k1.zip |
|---|
| Người dùng | meshaal (UID 96796) |
|---|
| Đệ trình | 26/03/2026 17:39 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 08/04/2026 20:44 (13 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 356329 [D-Link DIR-882 1.01B02 HNAP1 SetNetworkSettings prog.cgi sprintf IPAddress nâng cao đặc quyền] |
|---|
| điểm | 17 |
|---|