D-Link DIR-823X OS Command Injection Vulnerability

A remote command injection vulnerability has been identified in the D-Link DIR-823X router, specifically in the 250416 version. The issue arises in the backend function sub_4211C8 within the /goform/set_filtering endpoint. This vulnerability allows authenticated attackers to execute arbitrary shell commands with root privileges by manipulating user-supplied parameters. The exploitation bypasses a basic blacklist filter, enabling the injection of commands through the newline character.

Impact

Exploitation of this vulnerability allows for unauthorized command execution on the router's operating system with root privileges.

Reproduction

To reproduce this vulnerability, an authenticated user can send a request to the /goform/set_filtering endpoint with crafted input that includes the newline character. This input will bypass the filter and inject commands into the execution context.