D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a pre_api_arg parameter that is passed directly to system-level shell execution functions without sanitization or authentication. Remote attackers can exploit this to execute arbitrary commands as root via crafted HTTP requests.
The fileaccess.cgi component exposes the endpoint /dws/api/UploadFile, which accepts the pre_api_arg parameter. The value of this parameter is passed directly to functions executing commands at the system shell level without any sanitization or authentication verification. An attacker can send a crafted HTTP request containing a malicious payload in the pre_api_arg parameter, resulting in the execution of arbitrary commands as root.
The attacker gains full control of the device with the highest privileges (root), which enables router takeover, network configuration modification, network traffic interception, and use of the device as an entry point to the internal network.
Patches available from the manufacturer should be applied according to references (D-Link Security Advisory SAP10397 available at supportannouncement.us.dlink.com). Until the update is deployed, it is recommended to restrict access to the router's management interface exclusively from trusted IP addresses and to disable remote access to the administrative panel from the WAN network side.
D-Link DIR-868L B1 with firmware version FW2.05WWb02
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dir 868l
HWDlinkb1Dlink Dir 868l Firmware
OSDlink2.05b02
Related vulnerabilities
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthent...
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMW...
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 ...
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 par...
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 par...