D-Link DIR-882 Router Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the D-Link DIR-882 Router firmware DIR882A1_FW102B02. The issue arises in the 'prog.cgi' and 'rc' binaries, where user-supplied email configuration parameters are stored in NVRAM and later retrieved and executed as shell commands without proper sanitization. This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on the device via crafted HTTP requests to the router's web interface.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected router.

Reproduction

To reproduce this vulnerability, send a POST request to '/cgi-bin/prog.cgi' with crafted email settings that include injected commands, such as in the 'SMTPServerPort' field. The 'EmailFrom', 'EmailTo', 'SMTPServerAddress', and 'AccountName' fields must also be populated. Once the router processes this request, the injected command will be executed on the device.
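
An added example (not code from D-Link's firmware or from this advisory) of allowlist validation in C for the email settings named above, applied before the values are stored in NVRAM or used in a command. The function names, length limits and permitted character sets are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Added example: allowlist checks for the email settings named in the
 * advisory. Function names are hypothetical, not taken from prog.cgi or rc. */

/* SMTPServerPort: decimal digits only, range 1..65535. Returns port or -1. */
int parse_smtp_port(const char *s)
{
    if (s == NULL || *s == '\0' || strlen(s) > 5)
        return -1;
    for (const char *p = s; *p; p++)
        if (!isdigit((unsigned char)*p))
            return -1;          /* rejects signs, spaces, ';', '`', '$' ... */
    long v = strtol(s, NULL, 10);
    return (v >= 1 && v <= 65535) ? (int)v : -1;
}

/* SMTPServerAddress: hostname or IPv4 literal, characters [A-Za-z0-9.-],
 * no leading '-' (could be parsed as an option) and no leading '.'. */
int valid_smtp_host(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 253 || s[0] == '-' || s[0] == '.')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* EmailFrom, EmailTo, AccountName: printable ASCII without whitespace,
 * minus characters the shell treats specially. Assumed limit: 254 bytes. */
int valid_mail_field(const char *s)
{
    static const char banned[] = "\"'`$;&|<>(){}[]\\*?!#~";
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 254 || s[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c < 0x21 || c > 0x7e || strchr(banned, c))
            return 0;
    }
    return 1;
}
```

Validation of this kind is a second layer; the underlying fix is to pass stored values as separate arguments to an exec-style call instead of interpolating them into a shell command string.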

Added: Nov 13, 2025, 6:40 PM
Updated: Nov 13, 2025, 6:40 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 9.1
remediation: 0.0
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.