tags:iotauth_bypasscommand_injectiond-linkrouter original link: SSD ADVISORY: D-LINKÂ DIR-X4860 Security Vulnerabilities newsletter link: exploits.club Weekly Newsletter 22
Exploits Club Summary:
Sticking with the IoT bug theme, this SSD advisory demonstrates how to chain an auth bypass with a command execution to pop a D-Link device. The auth bypass results from an undocumented parameter which can be used to generate a PrivateKey based on the known username parameter. The command injection results from an attacker controlling the IP address when setting up the Virtual Server settings on the device, which is thrown straight into aÂ
FCGI_popen function.