An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component.
An attacker sends a crafted HTTP POST request to the device's CGI component, passing a malicious value in the 'service' parameter handled by the soapcgi_main function in the cgibin binary component. Lack of proper input validation (CWE-78 — command injection) causes the passed value to be interpreted as a system command and executed in the device's context. The attack is possible remotely, without authentication and without user interaction, making it particularly dangerous.
An attacker can execute arbitrary code on the vulnerable device, gaining full control over the router, including the ability to modify configuration, intercept network traffic, and use the device as an entry point for further attacks on the internal network.
Apply patches available from the manufacturer according to references. If an update is not available, it is recommended to restrict access to the device management interface through a firewall or isolate the device from untrusted networks, and consider replacing the device with a model actively supported by the manufacturer.
D-Link DIR-815 with firmware version 1.01SSb08.bin
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dir 815
HWDlinkwszystkie wersjeDlink Dir 815 Firmware
OSDlink1.01ssb08.bin
Related vulnerabilities
D-Link DIR-series — nieuwierzytelniony command injection w service.cgi (root RCE)
Command injection w routerze D-Link DIR-815 — podatność krytyczna (CVSS 9.8)
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission byp...
The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote atta...
The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers t...