D-Link DNS-343 ShareCenter Command Injection Vulnerability Allowing Remote Root Access

Vulnerability

A command injection vulnerability has been identified in D-Link DNS-343 ShareCenter devices running firmware versions through 1.05. This vulnerability resides in the Mail Test feature, where the web maintenance script sends data to the internal goForm endpoint '/goform/Mail_Test'. The vulnerability arises because several form parameters are used directly in a system email utility call without adequate input validation. An unauthenticated remote attacker can exploit this by injecting shell commands through crafted form data, leading to command execution with root privileges on the device.

Impact

Exploitation of this vulnerability allows for unauthorized command execution as the root user on the affected device, potentially leading to complete control over the device.

Reproduction

To reproduce this vulnerability, send a POST request to the '/goform/Mail_Test' endpoint with injected commands in the 'f_smtpserver' field. The injected command will be executed on the device as the root user. For example, injecting a command to create a file in the '/tmp' directory can demonstrate successful exploitation.
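A defender-side check for this bug class, added here as an example that is not part of the advisory or of D-Link's firmware: it parses the form body of a request to '/goform/Mail_Test' and flags any parameter that could not safely reach a shell-invoked mail utility. The 'f_smtpserver' field name comes from the advisory; the other field names in the constructed samples, the hostname allowlist and the metacharacter set are assumptions made for the example.

```python
import re
from urllib.parse import unquote_plus

MAIL_TEST_PATH = "/goform/Mail_Test"

# Characters that let a value escape a shell command line (assumed set).
SHELL_META = re.compile(r"[;&|`$()<>\n\r\\'\"]")

# Strict hostname / dotted-IP allowlist for f_smtpserver: labels of
# alphanumerics and hyphens joined by dots (assumed policy for the example).
HOSTNAME = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?$"
)


def parse_form(body: str) -> dict:
    """Minimal application/x-www-form-urlencoded parser ('&'-separated only,
    so a ';' inside a value is kept as part of that value)."""
    params = {}
    for pair in body.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params


def flag_mail_test_request(path: str, body: str) -> dict:
    """Return {field: reason} for every Mail Test parameter that is unsafe to
    hand to a shell-invoked mail utility. An empty dict means nothing was
    flagged; requests to other paths are ignored."""
    if path != MAIL_TEST_PATH:
        return {}
    findings = {}
    for field, values in parse_form(body).items():
        for value in values:
            if field == "f_smtpserver" and not HOSTNAME.match(value):
                findings[field] = "not a plain hostname"
            elif SHELL_META.search(value):
                findings[field] = "shell metacharacter"
    return findings


def scan(records: list) -> list:
    """Run the check over (path, body) pairs, e.g. reassembled from a proxy
    or IDS capture, and return the indices of flagged requests."""
    return [i for i, (path, body) in enumerate(records)
            if flag_mail_test_request(path, body)]
```

Because the hostname rule is an allowlist, it also rejects encodings and metacharacters the blocklist does not enumerate; the blocklist is only a fallback for fields whose format is not known.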

Added: Oct 29, 2025, 7:24 PM
Updated: Oct 29, 2025, 7:24 PM

Vulnerability Rating

Custom Algorithm

spread          2.6
impact          7.5
exploitability  9.1
remediation     0.0
relevance       0.9
threat          6.4
urgency         2.9
incentive       9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.