An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component.
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Link | Tags |
---|---|
https://github.com/WhereisRain/dir-815 | exploit third party advisory |
https://github.com/WhereisRain/dir-815/blob/main/README.md |