There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.
The vulnerability is located in the ssdpcgi_main function in the cgibin executable file, which is part of the CGI interface of the router software. An attacker can provide crafted input containing malicious system commands, which are then interpreted and executed without proper data validation or sanitization. The attack vector is network-based, requires no authentication or user interaction, making this vulnerability exceptionally dangerous.
An attacker can gain full control over the device, with confidentiality, integrity and availability of the system being completely compromised — arbitrary commands can be executed with CGI process privileges, which may lead to router takeover, network configuration modification or further lateral movement in the network.
Apply patches available from the manufacturer according to the references. In the absence of updates, it is recommended to restrict access to the device's administrative panel exclusively to trusted hosts and disable unnecessary network services available from outside.
D-Link DIR-815 router with software version v1.04
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dir 815
HWDlinkwszystkie wersjeDlink Dir 815 Firmware
OSDlink≤ 1.04
Related vulnerabilities
D-Link DIR-series — nieuwierzytelniony command injection w service.cgi (root RCE)
RCE w D-Link DIR-815 via command injection w soapcgi_main
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission byp...
The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote atta...
The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers t...