D-Link DIR-817L
cpe:2.3:o:dlink:dir-817l(w)_firmware:*:*:*:*:*:*:*
- <= 1.04B01
A critical command injection vulnerability has been identified in the D-Link DIR-817L router, affecting firmware versions through 1.04B01. The issue arises in the 'lxmldbc_system' function of the 'ssdpcgi' file, where the application does not properly sanitize input taken from environment variables. Because of this lack of effective filtering, attackers can inject malicious commands that are executed via the 'system' function, potentially leading to arbitrary code execution on the device.
Exploitation of this vulnerability allows for arbitrary command execution on the affected router, with the possibility of executing malicious payloads such as reverse shells.
The vulnerability can be reproduced by sending a crafted SSDP (Simple Service Discovery Protocol) message that includes injected commands. This can be done using a tool like 'pwn', which automates the process of exploiting the command injection flaw. The injected command is executed on the router, demonstrating the successful exploitation of the vulnerability.
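The root cause described above, environment-variable input reaching 'system', is normally fixed by checking the value against an allowlist and running the helper without a shell. The C code below is an added example of that mitigation, not D-Link's firmware code; `field_is_safe`, `run_helper`, `MAX_FIELD`, the `SSDP_FIELD` variable and the `/bin/true` helper are hypothetical names chosen for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* setenv, fork, waitpid */
#endif
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern the advisory describes (shown only as a comment, never run):
 *   snprintf(cmd, sizeof cmd, "%s %s", helper, getenv(name)); system(cmd);
 * system() hands the string to a shell, which re-parses the value. */

#define MAX_FIELD 128 /* assumed upper bound for one field */

/* Allowlist check: letters, digits and ":._-" only, bounded length. */
int field_is_safe(const char *s)
{
    size_t n;
    if (s == NULL || *s == '\0') return 0;
    n = strlen(s);
    if (n > MAX_FIELD) return 0;
    return strspn(s, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                     "0123456789:._-") == n;
}

/* Passes the field to the helper as one argv element, with no shell.
 * Returns the helper's exit status (127 if exec failed), or -1 if the
 * field is rejected or fork/wait fails. */
int run_helper(const char *helper, const char *env_name)
{
    const char *val = getenv(env_name);
    pid_t pid;
    int status;
    if (!field_is_safe(val)) return -1; /* fail closed */
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper, (char *)val, NULL };
        execv(helper, argv);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    setenv("SSDP_FIELD", "urn:example:device:1", 1); /* constructed value */
    return run_helper("/bin/true", "SSDP_FIELD") == 0 ? 0 : 1;
}
```

Rejecting the value before any process is created means a field containing shell metacharacters never reaches an interpreter, and passing it through `execv` keeps it a single argument even if the allowlist is later widened.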