The D-Link DIR-867 is a wireless router from China Youxun (D-Link).A command injection vulnerability exists in the D-Link DIR-867, which is caused by a command injection vulnerability in the SetVirtualServerSettings function. By sending a carefully crafted request using the LocalIPAddress parameter, an attacker could exploit the vulnerability to execute arbitrary commands on the system.