D-Link DIR-816 OS Command Injection Vulnerability

Vulnerability

A critical OS command injection vulnerability has been identified in the D-Link DIR-816 router, specifically in the 1.10CNB05 firmware version. The issue arises in the 'qosClassifier' function within the file '/goform/qosClassifier', where the 'dip_address' and 'sip_address' arguments can be manipulated to inject and execute arbitrary OS commands. This vulnerability can be exploited remotely, without authentication, and affects products that are no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution on the affected device.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/goform/qosClassifier' with crafted 'dip_address' or 'sip_address' parameters that are excessively long. This causes a stack overflow, which can be exploited to execute arbitrary code. The router will crash as a result, disrupting its normal service.
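A defensive check for the request described above, as an added example that is not part of the original advisory: it inspects POST bodies sent to '/goform/qosClassifier' and flags 'dip_address' or 'sip_address' values that are oversized or contain shell metacharacters. It assumes both fields are meant to hold a dotted-quad IPv4 address; the function names and sample requests are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# Endpoint and parameter names are taken from the advisory text.
TARGET_PATH = "/goform/qosClassifier"
WATCHED_PARAMS = ("dip_address", "sip_address")

# Assumption: both fields should carry a dotted-quad IPv4 address,
# so 15 characters ("255.255.255.255") is the longest legitimate value.
MAX_IPV4_LEN = 15
SHELL_META = re.compile(r"[;&|`$()<>\s]")


def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def inspect_request(method, path, body):
    """Return a list of (param, reason) findings for one HTTP request."""
    if method.upper() != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return []
    findings = []
    fields = parse_qs(body, keep_blank_values=True)
    for name in WATCHED_PARAMS:
        for value in fields.get(name, []):
            reasons = []
            if len(value) > MAX_IPV4_LEN:
                reasons.append("oversized")
            if SHELL_META.search(value):
                reasons.append("shell-metacharacter")
            # Anything else that is not a plain IPv4 address is still suspect.
            if not reasons and value and not is_ipv4(value):
                reasons.append("not-an-ipv4-address")
            findings.extend((name, reason) for reason in reasons)
    return findings


# Constructed sample requests (method, path, form-encoded body).
SAMPLES = [
    ("POST", TARGET_PATH, "dip_address=192.168.0.10&sip_address=192.168.0.20"),
    ("POST", TARGET_PATH, "dip_address=1.2.3.4%3Bx"),
    ("POST", TARGET_PATH, "sip_address=" + "A" * 300),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[2][:40], "->", inspect_request(*sample))
```

The same logic can sit in a reverse proxy or log pipeline in front of devices that cannot be patched.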

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 9.1
remediation: 0.0
relevance: 0.2
threat: 6.5
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.