module
D-Link Devices UPnP SOAP Command Execution
Disclosed | Created |
---|---|
Jul 5, 2013 | May 30, 2018 |
Disclosed
Jul 5, 2013
Created
May 30, 2018
Description
Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP
interface. Since it is a blind OS command injection vulnerability, there is no
output for the executed command. This module has been tested on DIR-865 and DIR-645 devices.
interface. Since it is a blind OS command injection vulnerability, there is no
output for the executed command. This module has been tested on DIR-865 and DIR-645 devices.
Authors
Michael Messner devnull@s3cur1ty.de
juan vazquez juan.vazquez@metasploit.com
juan vazquez juan.vazquez@metasploit.com
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.