技术文章阅读-d-link-routers-found-vulnerable-rce

https://www.fortinet.com/blog/threat-research/d-link-routers-found-vulnerable-rce

影响的范围

• DIR-655
• DIR-866L
• DIR-652
• DHP-1565

貌似都是快要停止支持的产品了

 

总结：

一是未授权

二是没有做好参数过滤

 

值得注意的是后面提到了

If we try to input any special character, such as double quote, quote, semicolon, etc., the ping fails.

Unfortunately, if we pass the newline character, for example: 8.8.8.8%0als, we can perform the Command Injection attack.

 

只有通过换行才能执行命令，在cgi后台测试的时候可以注意下