Firmware

The firmware file is attached.
Alternatively, you can download the firmware from https://www.mydlink.co.kr/2013/beta_board/product_detail.php?no=119&model=DIR-815


Overview

Vendor : D-Link
Product : DIR-815 Router
Vulnerability Type : Command Injection
Affected Version : Firmware version <= v1.04
Description : There is a command injection vulnerability in the ssdpcgi_main function of the cgibin binary in DIR-815 router firmware version <= v1.04. This function obtains data from the web interface via getenv and passes it directly to lxmldbc_system without any filtering. lxmldbc_system is a wrapper around system. Because of this vulnerability, an attacker can inject commands and gain shell privileges.
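The pattern described above (an environment value reaching a system wrapper unfiltered) is avoided by validating the value against an allowlist and executing the helper without a shell. The sketch below is an added example, not code from the firmware or from this report; the variable name EXAMPLE_CGI_PARAM, the function names, the 64-byte limit and the /bin/echo helper are all assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check: non-empty, bounded length, only [A-Za-z0-9._:-].
 * Anything a shell would interpret is rejected rather than escaped. */
int value_is_safe(const char *v, size_t max_len) {
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._:-";
    size_t len = strlen(v);
    if (len == 0 || len > max_len) return 0;
    return strspn(v, ok) == len;
}

/* Run a helper with the value as a single argv element. No shell is
 * involved, so the value is never parsed as command text. */
int run_helper(const char *path, const char *arg) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)path, (char *)arg, NULL };
        execv(path, argv);
        _exit(127);               /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hardened handler: validate the environment value, then exec directly.
 * Returns -2 when the value is missing or rejected. */
int handle_request(const char *env_name, const char *helper_path) {
    const char *v = getenv(env_name);
    if (v == NULL || !value_is_safe(v, 64)) return -2;
    return run_helper(helper_path, v);
}

int main(void) {
    /* Constructed sample values; EXAMPLE_CGI_PARAM is a hypothetical name. */
    setenv("EXAMPLE_CGI_PARAM", "239.255.255.250:1900", 1);
    printf("clean value   -> %d\n", handle_request("EXAMPLE_CGI_PARAM", "/bin/echo"));
    setenv("EXAMPLE_CGI_PARAM", "value; with shell syntax", 1);
    printf("tainted value -> %d\n", handle_request("EXAMPLE_CGI_PARAM", "/bin/echo"));
    return 0;
}
```

Rejecting on the allowlist and passing the value as one argv element are independent controls: either alone stops the value from being interpreted as command text.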


PoC

The PoC code is attached.
To reproduce this vulnerability, you can emulate the firmware using FirmAE (https://github.com/pr0v3rbs/FirmAE).


If emulation succeeds, you can access the web interface.


Finally, run the PoC code.
