D-Link DIR-816
cpe:2.3:h:d-link:dir-816:*:*:*:*:*:*:*
- 1.10CNB05
A critical command injection vulnerability has been identified in the D-Link DIR-816 router, specifically in the 1.10CNB05 firmware version. The issue arises in the 'setipsec_config' function within the '/goform/setipsec_config' file, where the 'localIP' and 'remoteIP' arguments can be manipulated to inject and execute arbitrary operating system commands. This vulnerability can be exploited remotely without authentication, and it affects products that are no longer supported by the manufacturer.
Exploitation of this vulnerability allows for arbitrary operating system command execution on the affected device.
To reproduce this vulnerability, send a POST request to '/goform/setipsec_config' with crafted 'localIP' and 'remoteIP' values that include the desired OS commands. After the injection is successful, trigger the 'IpsecAction' function to execute the injected commands. This can be done using a web browser or a tool like curl.
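A proxy or log pipeline sitting in front of an affected device can flag the request pattern described above. The following is an added example, not code from the advisory or from D-Link; it assumes legitimate 'localIP' and 'remoteIP' values are bare IPv4 addresses, and the (source, method, path, body) record layout and the sample requests are constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qs

TARGET_PATH = "/goform/setipsec_config"   # endpoint named in the advisory
WATCHED_PARAMS = ("localIP", "remoteIP")  # parameters named in the advisory


def is_plain_ipv4(value):
    """True only for a bare dotted-quad address (assumed legitimate form)."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def suspicious_params(method, path, body):
    """Return (param, decoded value) pairs that are not plain IPv4."""
    if method.upper() != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return []
    fields = parse_qs(body)  # URL-decodes values, so encoded characters are seen decoded
    return [(name, value)
            for name in WATCHED_PARAMS
            for value in fields.get(name, [])
            if not is_plain_ipv4(value)]


def scan(requests):
    """requests: iterable of (source, method, path, body) tuples (hypothetical layout)."""
    alerts = []
    for source, method, path, body in requests:
        for name, value in suspicious_params(method, path, body):
            alerts.append((source, name, value))
    return alerts


# Constructed sample data using documentation address ranges, not real traffic.
SAMPLE_REQUESTS = [
    ("198.51.100.7", "POST", "/goform/setipsec_config",
     "localIP=192.168.0.1&remoteIP=203.0.113.5"),
    ("198.51.100.9", "POST", "/goform/setipsec_config",
     "localIP=192.168.0.1%3BCONSTRUCTED&remoteIP=203.0.113.5"),
    ("198.51.100.9", "GET", "/index.html", ""),
]

if __name__ == "__main__":
    for source, name, value in scan(SAMPLE_REQUESTS):
        print(f"ALERT {source} {TARGET_PATH} {name}={value!r}")
```

Because the affected product is no longer supported, a check like this is a detection aid only; an allow-list on the two parameters at a reverse proxy applies the same test as a blocking control.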