D-Link DIR-890L and DIR-806A1 Command Injection Vulnerability

Vulnerability

A critical command injection vulnerability has been identified in the D-Link DIR-890L and DIR-806A1 routers, in versions through DIR-890L 108B03 and DIR-806A1 100CNb11. The flaw is in the 'sub_175C8' function of the '/htdocs/soap.cgi' file. It allows remote attackers to inject commands, potentially leading to arbitrary code execution. The affected products are no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected router.

Reproduction

To reproduce this vulnerability, send a request to the router's SOAP CGI interface, specifically targeting the 'sub_175C8' function. Inject commands through the request header to achieve remote command execution. This can be done by crafting a payload that exploits the command injection flaw and sending it to the router's port 49152.
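For detection, the sketch below flags captured HTTP requests to soap.cgi on port 49152 whose header values contain shell metacharacters. It is an added example, not part of the original advisory. It assumes a network sensor supplies the raw request bytes and destination port, and that any header may carry the injected string; the header name X-Constructed and the sample requests are constructed.

```python
import re

# Assumptions (not from the advisory): requests arrive as raw bytes from a
# network sensor, and any header may carry the injected string.
UPNP_PORT = 49152          # port named in the advisory
TARGET_PATH = "soap.cgi"   # CGI named in the advisory
# Headers where ';' is an ordinary parameter separator, so ';' alone is benign.
SEMICOLON_OK = {"content-type", "accept", "cookie", "cache-control"}
# Characters that have no business in any header value sent to this endpoint.
ALWAYS_BAD = re.compile(r"[`|&<>\n]|\$[({]")


def parse_request(raw: bytes):
    """Return (path, [(header name, value), ...]) from a raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *rest = head.split("\r\n")
    parts = request_line.split(" ")
    path = parts[1] if len(parts) >= 2 else ""   # malformed line: empty path
    headers = [(n.strip(), v.strip()) for n, sep, v in
               (line.partition(":") for line in rest) if sep]
    return path, headers


def flag_request(raw: bytes, dst_port: int):
    """Return the [(header, value)] pairs that look like shell injection."""
    path, headers = parse_request(raw)
    if dst_port != UPNP_PORT or TARGET_PATH not in path.lower():
        return []
    hits = []
    for name, value in headers:
        bad = ALWAYS_BAD.search(value) is not None
        if not bad and name.lower() not in SEMICOLON_OK:
            bad = ";" in value   # ';' outside parameterised headers
        if bad:
            hits.append((name, value))
    return hits


# Constructed samples; X-Constructed is a placeholder header name.
BENIGN = (b"POST /soap.cgi HTTP/1.1\r\nHost: 192.0.2.1:49152\r\n"
          b'Content-Type: text/xml; charset="utf-8"\r\n\r\n')
SUSPECT = (b"POST /soap.cgi HTTP/1.1\r\nHost: 192.0.2.1:49152\r\n"
           b"X-Constructed: value;echo constructed-marker\r\n\r\n")

if __name__ == "__main__":
    print(flag_request(BENIGN, 49152), flag_request(SUSPECT, 49152))
```

Because the affected models are no longer supported, a hit from this check is best paired with blocking port 49152 at the network edge.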

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.5
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.