D-Link DIR-816 Command Injection Vulnerability Allowing Arbitrary Command Execution

A command injection vulnerability has been identified in the D-Link DIR-816 A2V1.1.0B05 model. The issue resides in the web interface component, specifically within the 'iptablesWebsFilterRun' function. This vulnerability allows remote attackers to execute arbitrary commands by injecting malicious payloads through the 'websURLFilters' parameter. The injected commands are then executed via the system function, without any proper validation or sanitization.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, first obtain the token ID by sending a request to the login page and extracting the token from the response. Then, send a POST request to '/goform/websHostFilterDelete' with the injected command, such as 'reboot', included in the 'websURLFilters' parameter, along with the token ID.