Bugtraq mailing list archives

Re: OS-Command Injection via UPnP Interface in multiple D-Link devices

From: krlovett () gmail com
Date: Mon, 8 Jul 2013 16:16:47 GMT

I can concur these issues exist in several other models as well. In fact, on any UPnP enabled D-Link from 868L and 
down, merely selecting "Display Hidden Elements" inside the developer tool bar, will expose the entire administrative 
GUI.

Additional models I found the same bug, though I'm so sure that the latest firmware completely fixes the issues.

Wireless AC1200 Dual Band Gigabit Cloud Router DIR-850L
Wireless AC1200 Dual Band Gigabit Cloud Router DIR-860L
Wireless N150 Home Router DIR-601
Wireless N 8-Port Router DIR-632

Current thread:

OS-Command Injection via UPnP Interface in multiple D-Link devices devnull (Jul 08)
- <Possible follow-ups>
- Re: OS-Command Injection via UPnP Interface in multiple D-Link devices krlovett (Jul 08)
- Re: OS-Command Injection via UPnP Interface in multiple D-Link devices devnull (Jul 08)