D-Link DIR-816 Command Injection Vulnerability in Web Interface Routing Management

A command injection vulnerability has been identified in the D-Link DIR-816 router, specifically in the A2V1.1.0B05 firmware version. The issue resides within the web interface's routing management component, particularly in the '/goform/delRouting' endpoint. This vulnerability allows remote attackers to execute arbitrary commands on the device's operating system by manipulating the 'DR0' parameter.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, first obtain the 'tokenid' required for authentication by sending a request to the 'dir_login.asp' page and extracting the token from the response. Once the token is obtained, send a POST request to the '/goform/delRouting' endpoint, including the 'tokenid' and the 'DR0' parameter with a crafted value that includes the desired command, such as 'reboot'.