VYPR
Unrated severity · NVD Advisory · Published Feb 4, 2022 · Updated Aug 4, 2024

CVE-2021-44882

Description

D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A command injection vulnerability in D-Link DIR-878 firmware allows LAN-side attackers to execute arbitrary commands via a crafted HNAP1 POST request to the twsystem function.

Vulnerability

A command injection vulnerability exists in the twsystem function of the D-Link DIR-878 router running firmware version v1.30B08_Hotfix_02 on hardware revision Ax [1]. The vulnerability is triggered by sending a specially crafted HNAP1 POST request to the twsystem function, which does not properly sanitize user input before executing system commands [1].

Exploitation

An attacker must have access to the local LAN segment where the device is connected [1]. No authentication is required because the HNAP1 interface is exposed on the LAN side. The attacker crafts an HNAP1 POST request with malicious payloads in parameters that are passed to the twsystem function, resulting in arbitrary command execution on the device [1].

Impact

Successful exploitation allows an attacker to execute arbitrary commands on the router with root privileges [1]. This can lead to full compromise of the device, including the ability to modify configuration, intercept traffic, and use the router as a pivot point for further network attacks [1].

Mitigation

D-Link has acknowledged the vulnerability and recommends updating firmware to a patched version once available [1]. As of the advisory date, no patch was released; users should monitor D-Link's support page for updates [1]. The device is not listed on the CISA KEV catalog. Users can reduce exposure by limiting access to the router's LAN interface and disabling remote HNAP if supported.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Dlink/DIR878 · cpe-rescue · 2 versions
    • (no CPE)
    • (no CPE), range: 1.30B08 Hotfix 02

Patches

0

No patches discovered yet.

References

3
