D-Link DIR-878A1 Router Unauthenticated Command Injection Vulnerability

A command injection vulnerability allowing unauthenticated remote exploitation has been identified in the D-Link DIR-878A1 router, specifically in the firmware version FW101B04.bin. The issue arises in the 'SetNetworkSettings' function of 'prog.cgi', where user-supplied 'IPAddress' and 'SubnetMask' parameters are directly appended to shell commands executed via the system() function. This vulnerability enables attackers to execute arbitrary commands on the device.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected router.

Reproduction

To reproduce this vulnerability, send a POST request to '/cgi-bin/prog.cgi' with a payload that includes the 'IPAddress' and 'SubnetMask' parameters. The 'IPAddress' parameter can be crafted to include malicious commands, which will be executed on the router. Alternatively, the 'SubnetMask' parameter can be used to achieve the same effect. Both parameters can be injected simultaneously.