D-Link DIR-615 OS Command Injection Vulnerability in Web Management Interface

A command injection vulnerability exists in the D-Link DIR-615 router, all versions through 4.10. The issue arises in the web management interface, specifically within the 'wiz_policy_3_machine.php' file. The vulnerability allows authenticated attackers to inject operating system commands by manipulating the 'ipaddr' parameter. This injected command is executed with root privileges, exploiting a flaw in how the router processes and validates input before applying policy changes. The vulnerability can be exploited remotely, but requires authentication.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the router's operating system, with root privileges. This could lead to unauthorized access, modification of system files, or other malicious activities that could compromise the device or the network it is connected to.

Reproduction

To reproduce this vulnerability, an authenticated user must access the web management interface of a D-Link DIR-615 router with firmware version 4.10 or earlier. Once logged in, the user can navigate to the policy wizard section and submit a crafted 'ipaddr' parameter that includes shell metacharacters. The router will then execute the injected command with root privileges, demonstrating the command injection flaw.