D-Link DI-7100G
cpe:2.3:h:dlink:di-7100g:*:*:*:*:*:*:*, +1 more
- C1
- 24.04.18D1
A command injection vulnerability has been identified in the D-Link DI-7100G router, specifically in the C1 firmware version 24.04.18D1. The issue arises in the 'start_proxy_client_email' function, where user-controlled input from NVRAM configuration items is not properly sanitized before being executed as a system command. This flaw allows remote attackers to inject malicious commands that are executed with system privileges, potentially leading to full device compromise.
Exploitation of this vulnerability allows for arbitrary command execution on the affected device. This could result in unauthorized remote control, disruption of device functionality, leakage of sensitive information, or the execution of backdoor services such as a telnet daemon.
To reproduce this vulnerability, modify the NVRAM configuration items 'ac_mng_srv_host', 'proxy_http_srvport', 'lan_ipaddr', or 'http_lanport' to include malicious commands. Once the device is restarted or the 'start_proxy_client_email' function is triggered, the injected commands will be executed, demonstrating the command injection vulnerability.
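The fix for this class of bug is to treat every NVRAM value as untrusted before it reaches a process launcher. The following is an added example, not D-Link's code: it validates the four NVRAM items named above against strict formats and launches the helper with an argv array instead of a shell, so no metacharacter in a config value is ever interpreted. The helper binary path and its argument layout are assumptions.

```c
/* Added example (not D-Link's code): validate NVRAM-derived values before
 * they reach a process launcher, then exec without a shell. The helper
 * binary path and its argument layout are hypothetical. */
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <arpa/inet.h>
/* Hostname: letters, digits, '.' and '-' only, 1..253 bytes; every shell
 * metacharacter lies outside this set, so "host;cmd" or "$(cmd)" is rejected. */
int valid_hostname(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 253) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '-') return 0;
    }
    return 1;
}
/* Port: decimal digits only, numeric range 1..65535. */
int valid_port(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 5) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)s[i])) return 0;
    long v = strtol(s, NULL, 10);
    return v >= 1 && v <= 65535;
}
/* IPv4 dotted quad, checked by the libc parser rather than by hand. */
int valid_ipv4(const char *s) {
    struct in_addr a;
    return inet_pton(AF_INET, s, &a) == 1;
}
/* Hardened launcher: reject on any invalid value (return -1); otherwise
 * fork and execv with an argv array so /bin/sh never parses the values. */
int start_proxy_client_safe(const char *srv_host, const char *srv_port,
                            const char *lan_ip, const char *lan_port) {
    if (!valid_hostname(srv_host) || !valid_port(srv_port) ||
        !valid_ipv4(lan_ip) || !valid_port(lan_port))
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        char *const argv[] = { "/usr/sbin/proxy_client", "-h", (char *)srv_host,
                               "-p", (char *)srv_port, "-l", (char *)lan_ip,
                               "-L", (char *)lan_port, NULL };
        execv(argv[0], argv);   /* direct exec, no shell expansion */
        _exit(127);
    }
    return pid > 0 ? 0 : -1;
}
```

The same allowlist checks can be applied at the point where the web interface writes these NVRAM items, so a malformed value is rejected before it is ever stored.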