D-Link DIR-882 Router Command Injection Vulnerability

A command injection vulnerability has been identified in the D-Link DIR-882 Router running firmware DIR882A1_FW102B02. The issue arises in the 'prog.cgi' and 'rc' binaries, where user-supplied values for the 'SetSysLogSettings/IPAddress' are stored in NVRAM and later retrieved and executed as shell commands without proper sanitization. This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on the device via crafted HTTP requests to the router's web interface.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected router.

Reproduction

To reproduce this vulnerability, send a POST request to '/cgi-bin/prog.cgi' with the 'SetSysLogSettings/IPAddress' parameter containing the injected command. The 'SetSysLogSettings/Enable' parameter should also be included to activate the syslog feature. Once the payload is injected and the syslogd command is executed, the injected command will be executed on the router.