VYPR
Unrated severity · NVD Advisory · Published Jan 24, 2024 · Updated Sep 10, 2024

CVE-2024-22651

Description

There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A command injection vulnerability in the ssdpcgi_main function of the DIR-815 router firmware ≤v1.04 allows attackers to execute arbitrary commands via unvalidated input.

Vulnerability

The vulnerability is a command injection in the ssdpcgi_main function of the cgibin binary in D-Link DIR-815 router firmware version 1.04 and earlier. The function obtains user-supplied data from the web interface via getenv and passes it directly to lxmldbc_system, a system wrapper, without any sanitization. This allows an attacker to inject arbitrary commands into the system call. [1]
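The pattern described above, as an added example that is not code from the firmware: a value read with getenv is formatted into a shell command, first unchecked and then behind an allowlist that fails closed. The variable name `DEMO_VALUE`, the command `notify-helper` and the allowed character set are hypothetical placeholders, since the page does not give the real ones.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical placeholder command; not taken from the cgibin binary. */
#define CMD_FMT "notify-helper %s &"

/* Vulnerable shape: the value goes straight into a shell command string. */
int build_cmd_unsafe(char *out, size_t n, const char *val) {
    return snprintf(out, n, CMD_FMT, val);
}

/* Allowlist: 1..64 chars from [A-Za-z0-9:._-], no leading '-' (option injection). */
int is_safe_token(const char *s) {
    static const char ok[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789:._-";
    size_t len;
    if (s == NULL) return 0;
    len = strlen(s);
    if (len == 0 || len > 64 || s[0] == '-') return 0;
    return strspn(s, ok) == len;
}

/* Hardened shape: validate first, fail closed, and treat truncation as an error. */
int build_cmd_checked(char *out, size_t n, const char *val) {
    int w;
    if (!is_safe_token(val)) return -1;
    w = snprintf(out, n, CMD_FMT, val);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

int main(void) {
    char cmd[128];
    /* DEMO_VALUE is a hypothetical variable standing in for the CGI input. */
    const char *val = getenv("DEMO_VALUE");
    if (build_cmd_checked(cmd, sizeof cmd, val) != 0) {
        fputs("rejected: value failed allowlist\n", stderr);
        return 1;
    }
    /* A real handler would run the helper here; calling execv() with an argv
       array instead of a shell string removes metacharacter parsing entirely. */
    puts(cmd);
    return 0;
}
```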

Exploitation

An attacker with network access to the router's web interface can send a crafted request containing malicious command payloads. No authentication is required if the web interface is exposed. The attacker can reproduce the vulnerability by emulating the firmware using FirmAE and then executing the provided proof-of-concept code. [1]

Impact

Successful exploitation grants the attacker shell privileges on the device, enabling full compromise of the router. This includes the ability to intercept network traffic, modify configuration, compromise connected hosts, or launch further attacks. [1]

Mitigation

As of the publication date (2024-01-24), no official patch has been released. Users should restrict access to the router's web interface to trusted networks only. The affected firmware version v1.04 may be the final release for this device, suggesting that the product might be end-of-life; upgrading to a different router model is recommended. [1]

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
