D-Link DCS-931L OS Command Injection Vulnerability

A command injection vulnerability has been identified in the D-Link DCS-931L camera, affecting firmware versions up to 1.13.0. The vulnerability resides in the '/goform/setSysAdmin' file, where the 'AdminID' parameter is not properly sanitized before being executed as a shell command. This flaw allows authenticated attackers to inject and execute arbitrary operating system commands remotely, with root privileges.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the device, with root privileges.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/setSysAdmin' with the 'AdminID' parameter containing the injected command, such as 'telnetd', followed by a command injection payload. Include the 'Authorization' header with basic authentication credentials for an admin user.