D-Link Cookie command injection

Added: 07/30/2015

Background

D-Link produces a variety of routers, switches, and other network equipment for home users and businesses.

Problem

A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted cookie in an HTTP request.

Resolution

Apply a firmware upgrade which fixes this vulnerability when one becomes available.

References

https://github.com/darkarnium/secpub/tree/master/D-Link/DSP-W110

Limitations

Exploit works on D-Link DSP-W110 (Rev A) - v1.05b01.
Back to exploit index