Re: OS-Command Injection via UPnP Interface in multiple D-Link devices

Type securityvulns
Reporter Securityvulns
Modified 2013-07-10T00:00:00


I can concur these issues exist in several other models as well. In fact, on any UPnP enabled D-Link from 868L and down, merely selecting "Display Hidden Elements" inside the developer tool bar, will expose the entire administrative GUI.

Additional models I found the same bug, though I'm so sure that the latest firmware completely fixes the issues.

Wireless AC1200 Dual Band Gigabit Cloud Router DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router DIR-860L Wireless N150 Home Router DIR-601 Wireless N 8-Port Router DIR-632