D-Link DIR-615
cpe:2.3:h:d-link:dir-615:*:*:*:*:*:*:*
- 4.10
A command injection vulnerability has been identified in the D-Link DIR-615 router, specifically in version 4.10. This issue arises within the 'Advanced Firewall' settings, in the DMZ Host feature, where the 'dmz_ipaddr' parameter can be manipulated to inject operating system commands. The vulnerability can be exploited remotely by authenticated users with administrative access, allowing injected commands to be executed with root privileges.
Exploitation of this vulnerability allows for arbitrary operating system command execution with root privileges on the affected device.
To reproduce this vulnerability, an authenticated user with administrative rights must access the router's web interface and navigate to the 'Advanced Firewall' settings. Once there, the DMZ Host feature can be enabled. The user must then inject shell metacharacters into the 'dmz_ipaddr' parameter, which will be saved to the device's NVRAM. When the changes are applied, the injected commands will be executed by the system with root privileges.
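A mitigation for this class of bug is to allow-list the value before it is written to NVRAM, so nothing but a dotted-quad address can reach a later shell invocation. The C function below is an added example, not D-Link firmware code; the name `dmz_ipaddr_is_valid` is hypothetical, and it assumes `dmz_ipaddr` is only ever meant to hold an IPv4 address.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical validator (not vendor code): returns 1 only when s is a
 * strict dotted-quad IPv4 address, 0 for anything else. */
int dmz_ipaddr_is_valid(const char *s)
{
    int octets = 0;
    size_t len;

    if (s == NULL)
        return 0;
    len = strlen(s);
    if (len < 7 || len > 15)            /* "0.0.0.0" .. "255.255.255.255" */
        return 0;

    while (*s) {
        int value = 0, digits = 0;
        while (*s >= '0' && *s <= '9') {
            if (digits == 1 && value == 0)
                return 0;               /* leading zero, e.g. "01" */
            value = value * 10 + (*s - '0');
            if (++digits > 3 || value > 255)
                return 0;
            s++;
        }
        if (digits == 0)
            return 0;                   /* empty octet or non-digit start */
        octets++;
        if (*s == '.') {
            if (octets == 4)
                return 0;               /* fifth octet or trailing dot */
            s++;
            if (*s == '\0')
                return 0;
        } else if (*s != '\0') {
            return 0;                   /* any other byte: ; | & $ ` space, newline */
        }
    }
    return octets == 4;
}

int main(void)
{
    /* Constructed sample inputs, not captured from a device. */
    const char *samples[] = { "192.168.0.10", "192.168.0.10;x", "192.168.0.256" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s -> %s\n", samples[i],
               dmz_ipaddr_is_valid(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The check belongs on the server side at the point where the form value is saved, and again where the stored value is read back, since values already in NVRAM predate the check.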