D-Link DSL-7740C
cpe:2.3:h:d-link:dsl-7740c:*:*:*:*:*:*:*
- DSL7740C.V6.TR069.20211230
A command injection vulnerability has been identified in the D-Link DSL-7740C modem, specifically in firmware version DSL7740C.V6.TR069.20211230. The vulnerability is in the web portal's settings function, where low-privilege users can inject arbitrary commands by manipulating the EXE parameter in GET requests related to wireless settings configuration. Exploitation could lead to unauthorized command execution on the device, potentially allowing attackers to gain root access and control over the modem.
Exploitation of this vulnerability allows for unauthorized command execution on the affected device, typically with high privileges. This could result in complete control over the modem, enabling attackers to alter configurations, disrupt service, manipulate network traffic, and gain unauthorized access to the network infrastructure.
To reproduce this vulnerability, log in as a low-privilege user and navigate to the wireless settings. Modify the EXE parameter to include a command injection payload, such as an echo command directed to a writable location on the device, like the /var/tmp directory. After the request is submitted, the injected command is executed, and exploitation can be verified by checking the output file created by the injected command.
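A detection-side view of the request described above, as an added example that is not part of the original advisory: it scans web access log lines (for instance from a proxy in front of the modem's management interface) for GET requests whose EXE parameter decodes to a value containing shell metacharacters. The log format, the `/example/wireless` path, the benign value `apply` and the sample lines are constructed assumptions; only the EXE parameter name comes from the advisory.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Characters a shell treats as separators, substitution or redirection.
SHELL_META = re.compile(r"[;&|`$<>\r\n]")
# Request line as it appears in a common/combined-format access log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_exe_values(log_line):
    """Return decoded EXE values from a GET request that contain shell metacharacters."""
    m = REQUEST.search(log_line)
    if not m or m.group("method") != "GET":
        return []
    hits = []
    # Split on '&' by hand so a raw ';' stays inside the value being inspected.
    for pair in urlsplit(m.group("target")).query.split("&"):
        name, _, raw = pair.partition("=")
        if name != "EXE":
            continue
        # Decode twice so a double-encoded separator (%253B) is still seen.
        value = unquote(unquote_plus(raw))
        if SHELL_META.search(value):
            hits.append(value)
    return hits

def scan(lines):
    """Return (line_index, decoded_value) for every flagged request."""
    return [(i, v) for i, line in enumerate(lines) for v in suspicious_exe_values(line)]

# Constructed sample lines (hypothetical path and values, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /example/wireless?EXE=apply HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /example/wireless?EXE=apply%3Becho%20test%20%3E%20/var/tmp/out HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /example/wireless?EXE=apply%253Becho%2520marker HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "POST /example/wireless?EXE=apply%3Bx HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for idx, value in scan(SAMPLE_LOG):
        print(f"line {idx}: EXE={value!r}")
```

The POST line is skipped on purpose because the advisory describes the injection in GET requests; drop the method check to cover other verbs as well.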