D-Link DIR-852 Command Injection Vulnerability
Vulnerability
A critical command injection vulnerability has been identified in the D-Link DIR-852 router, specifically in version 1.00. The issue arises in the 'gena.cgi' file, where manipulation of the 'service' argument allows for arbitrary command execution with root privileges. This vulnerability can be exploited remotely, without any authentication, and affects devices that are no longer supported by the manufacturer.
Impact
Exploitation of this vulnerability allows for arbitrary command execution with root privileges on the affected device.
Reproduction
The vulnerability can be reproduced by sending a SUBSCRIBE request to the 'gena.cgi' endpoint. The 'service' argument must be manipulated to include a command, such as starting a telnet server on a specific port. This request can be sent using a tool like curl, with the appropriate headers to mimic a UPnP event subscription.
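For detection, the request shape described above can be matched in proxy or IDS logs. The following is an added example, not code from the original page or from D-Link: it flags SUBSCRIBE requests to 'gena.cgi' whose 'service' value falls outside a conservative allowlist. It assumes the 'service' argument travels in the URL query string and that legitimate values are short alphanumeric tokens; the function names, the allowlist pattern and the sample request lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: a legitimate service name is a short token with no shell syntax.
SAFE_SERVICE = re.compile(r"[A-Za-z0-9_.:-]{1,64}")

def check_request_line(line):
    """Return a finding for a suspicious SUBSCRIBE to gena.cgi, else None."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2 or parts[0].upper() != "SUBSCRIBE":
        return None
    # The target may hold raw spaces, so peel the HTTP version off the right.
    target, _, version = parts[1].rpartition(" ")
    if not version.startswith("HTTP/"):
        target = parts[1]
    path, _, query = target.partition("?")
    if not path.lower().endswith("gena.cgi"):
        return None
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if unquote(name) != "service":
            continue
        decoded = unquote(value)  # decode first so %60, %3B, %24 are visible
        if not SAFE_SERVICE.fullmatch(decoded):
            return f"service value outside allowlist: {decoded!r}"
    return None

def scan(lines):
    """Return (line_number, finding) for every flagged request line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        finding = check_request_line(line)
        if finding:
            hits.append((number, finding))
    return hits

# Constructed sample request lines; PLACEHOLDER stands in for any command.
SAMPLE = [
    "SUBSCRIBE /gena.cgi?service=WANIPConn1 HTTP/1.1",
    "SUBSCRIBE /gena.cgi?service=$(PLACEHOLDER) HTTP/1.1",
    "SUBSCRIBE /gena.cgi?service=%60PLACEHOLDER%60 HTTP/1.1",
    "SUBSCRIBE /gena.cgi?service=x ;PLACEHOLDER HTTP/1.1",
    "GET /gena.cgi?service=$(PLACEHOLDER) HTTP/1.1",
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE):
        print(f"line {number}: {finding}")
```

Because the device is unauthenticated on this path and no longer supported, a hit on a WAN-facing interface should be treated as an attempted compromise rather than a malformed subscription.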
