D-Link DSL-7740C
cpe:2.3:h:d-link:dsl-7740c:*:*:*:*:*:*:*
- DSL7740C.V6.TR069.20211230
A command injection vulnerability has been identified in the D-Link DSL-7740C router, specifically in the firmware version DSL7740C.V6.TR069.20211230. The vulnerability arises in the backup function when accessed via SSH or Telnet, allowing remote execution of arbitrary commands with elevated privileges.
Exploitation of this vulnerability could lead to complete compromise of the device, allowing attackers to execute arbitrary commands with administrative rights. This could disrupt service, alter device configurations, manipulate traffic, and potentially breach the network perimeter to access sensitive areas of the network.
The vulnerability can be reproduced by sending a specially crafted payload through the backup function via SSH or Telnet. After logging in with administrative credentials, navigate to the '21. Configuration' menu and select '03 Backup'. During a ping test, enter a payload that includes a command, such as one that uses 'wget' to download a file to the device.