D-Link DIR-823X Command Injection Vulnerability via MAC Clone Function

A remote command injection vulnerability has been identified in the D-Link DIR-823X router, specifically in the 250416 firmware version. The issue arises in the '/goform/set_mac_clone' endpoint, where the 'mac' parameter is not properly sanitized. This oversight allows authenticated attackers to inject arbitrary operating system commands, which are executed with root privileges when the network service is restarted.

Impact

Exploitation of this vulnerability allows for authenticated remote command injection, with the injected commands executed as the root user.

Reproduction

To reproduce this vulnerability, an authenticated user must send a POST request to the '/goform/set_mac_clone' endpoint with a crafted 'mac' parameter that includes newline characters. This payload bypasses the inadequate input filtering and injects commands into the system shell. Once the command is executed, the network service can be restarted to trigger the execution of the injected commands.