D-Link DIR-880L
cpe:2.3:h:d-link:dir-880l:*:*:*:*:*:*:*
- <= 104WWb01
A critical command injection vulnerability has been identified in the D-Link DIR-880L router, in versions up to and including 104WWb01. The issue is in the request header handler, in the function sub_16570 of the file /htdocs/ssdpcgi. Remote attackers can inject commands by manipulating the HTTP_ST, REMOTE_ADDR, REMOTE_PORT, and SERVER_ID headers. Exploitation of this vulnerability could lead to unauthorized execution of commands on the device.
Exploitation of this vulnerability allows for arbitrary command execution on the affected router.
To reproduce this vulnerability, send a request to the D-Link DIR-880L router on port 49152. Include a payload in the request headers that manipulates the HTTP_ST, REMOTE_ADDR, REMOTE_PORT, or SERVER_ID fields. The injected commands will be executed on the router, demonstrating the command injection vulnerability.
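On the handler side, this class of bug is closed by allowlist-validating the four values named above before any of them is used in a command. The C below is an added example, not D-Link's code or a vendor patch; the accepted formats (UPnP-style search target for HTTP_ST, dotted-quad IPv4 for REMOTE_ADDR, decimal 1 to 65535 for REMOTE_PORT, short alphanumeric SERVER_ID) and all function names are assumptions.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Allowlist: non-empty, at most max_len bytes, alphanumerics plus `extra` only. */
static int only_safe_chars(const char *s, size_t max_len, const char *extra)
{
    size_t n;
    if (s == NULL || (n = strlen(s)) == 0 || n > max_len)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && strchr(extra, c) == NULL)
            return 0;
    }
    return 1;
}

/* REMOTE_ADDR: assumed to be a dotted-quad IPv4 address. */
static int valid_addr(const char *s)
{
    struct in_addr a;
    return s != NULL && strlen(s) <= 15 && inet_pton(AF_INET, s, &a) == 1;
}

/* REMOTE_PORT: decimal digits only, range 1..65535. */
static int valid_port(const char *s)
{
    char *end;
    long v;
    if (s == NULL || !isdigit((unsigned char)s[0]) || strlen(s) > 5)
        return 0;
    errno = 0;
    v = strtol(s, &end, 10);
    return errno == 0 && *end == '\0' && v >= 1 && v <= 65535;
}

/* Returns 1 only if all four values pass; callers reject the request otherwise. */
int ssdp_inputs_ok(const char *st, const char *addr, const char *port, const char *sid)
{
    return only_safe_chars(st, 128, ":-._")   /* e.g. "ssdp:all", "urn:...:1" */
        && valid_addr(addr)
        && valid_port(port)
        && only_safe_chars(sid, 16, "");      /* assumed short alphanumeric id */
}

/* Constructed sample values; exits 0 when they are accepted. */
int main(void) { return !ssdp_inputs_ok("ssdp:all", "192.168.0.10", "1900", "1"); }
```

Validation of this kind is a second layer: the more robust fix is for the handler to avoid building shell command strings at all and to pass values as separate arguments to an exec-style call.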