D-Link Routers OS Command Injection Vulnerability

A command injection vulnerability has been identified in several D-Link router models, including the DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003, and DI-8003G. The vulnerability exists in specific firmware versions and is triggered by the 'name' and 'hname' parameters in the 'usb_paswd.asp' file, within the 'jhttpd' component. This flaw allows remote attackers to execute arbitrary commands on the affected devices, potentially leading to full control over them.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected router, with the possibility of gaining full control over the device.

Reproduction

To reproduce this vulnerability, log into the router's web interface and navigate to the 'usb_paswd.asp' page. Once there, send a request that includes a crafted 'hname' parameter designed to inject and execute arbitrary commands on the router. For the DI-8100, DI-8200, and DI-8003 models running version 16.07.26A1, the 'name' parameter can be used instead of 'hname'.