D-Link DIR-852 Command Injection Vulnerability in Web Management Interface
Vulnerability
A command injection vulnerability exists in the D-Link DIR-852 router, specifically in the web management interface's hedwig.cgi script. This issue is present in firmware version 1.00CN B09. The vulnerability arises from inadequate input validation, allowing authenticated attackers to inject malicious commands into the NTP server configuration. Once saved, these commands are executed with root privileges when the device synchronizes its time, leading to arbitrary command execution on the router.
Impact
Exploitation of this vulnerability allows for arbitrary command execution with root privileges on the affected device.
Reproduction
To reproduce this vulnerability, log in to the D-Link DIR-852 router and navigate to the 'tools_time.php' page. Inject a command payload, such as 'telnetd -p 9999', into the NTP server field. The injected command will be executed when the time synchronization feature is used, allowing remote access to the router via Telnet.
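The input validation the advisory describes as missing, sketched as an added example (not D-Link's firmware code and not part of the original advisory): an allow-list check for the NTP server value, plus an argument vector so the time client can be started without a shell. The function names, the client path `/usr/sbin/ntpclient` and its `-h` option are assumptions for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical client path; not taken from the DIR-852 firmware. */
#define NTP_CLIENT "/usr/sbin/ntpclient"

static int ascii_alnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z');
}

/* Allow-list check: dot-separated labels of [A-Za-z0-9-], each 1..63
 * bytes, no label starting or ending with '-', total 1..253 bytes.
 * Covers hostnames and dotted IPv4; everything else is rejected. */
int ntp_server_is_valid(const char *s)
{
    size_t len, i, label = 0;

    if (s == NULL || (len = strlen(s)) == 0 || len > 253)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-')
                return 0;               /* empty label or trailing '-' */
            label = 0;
        } else if (ascii_alnum(c) || c == '-') {
            if (c == '-' && label == 0)
                return 0;               /* leading '-' could be read as an option */
            if (++label > 63)
                return 0;
        } else {
            return 0;                   /* space ; | ` $ quotes, newline, ... */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Builds an argv for execv(NTP_CLIENT, ...) so no shell parses the value.
 * Returns 0 on success, -1 if the server name fails validation. */
int build_ntp_argv(const char *server, const char *argv[4])
{
    if (!ntp_server_is_valid(server))
        return -1;
    argv[0] = NTP_CLIENT;
    argv[1] = "-h";                     /* assumed option name */
    argv[2] = server;
    argv[3] = NULL;
    return 0;
}
```

The check belongs where the setting is saved and again where it is read back for time synchronization, since the advisory notes the value is stored first and executed later.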
