D-Link DIR-816
cpe:2.3:h:d-link:dir-816:*:*:*:*:*:*:*
- 1.10CNB05_R1B011D88210
A command injection vulnerability has been identified in the D-Link DIR-816 router, specifically in firmware version 1.10CNB05_R1B011D88210. The issue arises in the 'portForward' function, where the 'ip_address' parameter is inadequately validated. This flaw allows for remote exploitation, as the manipulated 'ip_address' is eventually executed as a command via the router's system interface.
Exploitation of this vulnerability allows for stored command injection, where the injected command is executed when the router's firewall rules are applied.
To reproduce this vulnerability, send a request to the 'goform/portForward' endpoint with a crafted 'ip_address' parameter that includes command metacharacters. The 'portForward' handler will accept the manipulated IP address without proper sanitization, injecting it into the 'PortForwardRules' variable. Once the rule is saved, the router will execute the injected command when the firewall rules are applied.
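One way to close the validation gap described above, shown as an added example that is not D-Link's code and not part of the original advisory: the handler accepts 'ip_address' only if it is a strict dotted-quad IPv4 address, and the stored rule is rebuilt from the parsed integers rather than copied from the request. The function names and the `a.b.c.d,port` record format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Strict dotted-quad parser: digits and dots only, four octets 0-255,
 * no leading zeros, nothing trailing. Returns 0 and fills out[] on success. */
int parse_ipv4_strict(const char *s, unsigned char out[4])
{
    if (s == NULL || strlen(s) > 15)
        return -1;
    for (int i = 0; i < 4; i++) {
        unsigned int v = 0;
        int digits = 0;
        while (*s >= '0' && *s <= '9') {
            if (digits == 1 && v == 0)
                return -1;              /* leading zero, e.g. "01" */
            v = v * 10 + (unsigned int)(*s - '0');
            if (++digits > 3 || v > 255)
                return -1;
            s++;
        }
        if (digits == 0)
            return -1;                  /* empty octet or non-digit byte */
        out[i] = (unsigned char)v;
        if (i < 3 && *s++ != '.')
            return -1;
    }
    return *s == '\0' ? 0 : -1;         /* reject any trailing bytes */
}

/* Hypothetical record format "a.b.c.d,port" (an assumption, not the firmware's).
 * The stored text is rebuilt from parsed integers, never copied from the request. */
int format_forward_rule(const char *ip_param, unsigned int port,
                        char *dst, size_t dst_len)
{
    unsigned char o[4];
    if (parse_ipv4_strict(ip_param, o) != 0 || port == 0 || port > 65535)
        return -1;
    int n = snprintf(dst, dst_len, "%u.%u.%u.%u,%u", o[0], o[1], o[2], o[3], port);
    return (n < 0 || (size_t)n >= dst_len) ? -1 : n;
}

int main(void)
{
    char rule[32];
    /* Constructed sample inputs. */
    const char *samples[] = { "192.168.0.10", "192.168.0.10;x", "192.168.00.1" };
    for (size_t i = 0; i < 3; i++) {
        int n = format_forward_rule(samples[i], 8080, rule, sizeof rule);
        printf("%-16s -> %s\n", samples[i], n < 0 ? "rejected" : rule);
    }
    return 0;
}
```

Because the injection is stored, the same check belongs at the point where saved rules are read back and applied, since entries written before a fix may still be present. Passing the validated values as separate arguments to an exec-style call, rather than building a shell command string, removes the shell from the path entirely.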