📄 Description (English)
A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
🤖 AI Executive Summary
A critical OS command injection vulnerability exists in D-Link DIR-615 firmware version 4.10 through the Web Configuration Interface's adv_routing.php file. Attackers can remotely execute arbitrary commands by manipulating routing parameters (dest_ip, submask, gw). With public exploits available and the device no longer receiving vendor support, this poses an immediate threat to organizations still deploying this legacy router model.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 9, 2026 06:11
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi telecommunications providers (STC, Mobily, Zain) and small-to-medium enterprises (SMEs) that may still operate legacy D-Link DIR-615 routers in their network infrastructure. Government agencies and critical infrastructure operators using this device for network segmentation face elevated risk of unauthorized access and lateral movement. Banking sector organizations with branch offices using this router model could experience network compromise affecting payment processing and customer data security. The lack of vendor support makes remediation particularly urgent for SAMA-regulated financial institutions.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Banking and Financial Services
Government and Public Administration
Healthcare
Energy and Utilities
Small and Medium Enterprises (SMEs)
Retail and E-commerce
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all D-Link DIR-615 devices running firmware 4.10 in your network using network scanning tools
2. Isolate affected devices from critical network segments and restrict administrative access
3. Disable remote management features on the Web Configuration Interface
4. Implement network-level access controls to limit traffic to/from affected routers
PATCHING GUIDANCE:
1. Contact D-Link support for available firmware updates (note: device is end-of-life)
2. If patches are unavailable, plan immediate replacement with supported router models
3. Test any available firmware updates in isolated lab environment before deployment
COMPENSATING CONTROLS:
1. Deploy Web Application Firewall (WAF) rules to block malicious routing parameter inputs
2. Implement network segmentation to isolate router management interfaces
3. Enable logging and monitoring of adv_routing.php access attempts
4. Restrict administrative access to router web interface via IP whitelisting
5. Monitor for suspicious command execution patterns on affected devices
DETECTION RULES:
1. Alert on POST/GET requests to adv_routing.php containing shell metacharacters (|, ;, &, $, `, etc.)
2. Monitor for unusual process spawning from web server processes on router
3. Track failed authentication attempts to router management interface
4. Flag any firmware version 4.10 in network inventory reports
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة D-Link DIR-615 التي تعمل بالإصدار 4.10 في شبكتك باستخدام أدوات المسح
2. عزل الأجهزة المتأثرة عن القطاعات الحرجة وتقييد الوصول الإداري
3. تعطيل ميزات الإدارة البعيدة على واجهة تكوين الويب
4. تطبيق عناصر تحكم الوصول على مستوى الشبكة لتحديد حركة المرور
إرشادات التصحيح:
1. التواصل مع دعم D-Link للحصول على تحديثات البرامج الثابتة المتاحة
2. إذا لم تكن التصحيحات متاحة، خطط للاستبدال الفوري بنماذج موجهات مدعومة
3. اختبر أي تحديثات برامج ثابتة متاحة في بيئة معزولة قبل النشر
عناصر التحكم التعويضية:
1. نشر قواعد جدار حماية تطبيقات الويب لحجب مدخلات معاملات التوجيه الضارة
2. تطبيق تقسيم الشبكة لعزل واجهات إدارة الموجه
3. تفعيل تسجيل ومراقبة محاولات الوصول إلى adv_routing.php
4. تقييد الوصول الإداري عبر قائمة بيضاء للعناوين
5. مراقبة أنماط تنفيذ الأوامر المريبة على الأجهزة المتأثرة
قواعد الكشف:
1. تنبيهات على طلبات POST/GET إلى adv_routing.php تحتوي على أحرف shell
2. مراقبة عمليات غير عادية من عمليات خادم الويب
3. تتبع محاولات المصادقة الفاشلة
4. وضع علامة على الإصدار 4.10 في تقارير الجرد
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.8.1 - Asset Management and Inventory Control
ECC 2024 A.12.6 - Management of Technical Vulnerabilities
ECC 2024 A.14.2 - System Development and Maintenance
ECC 2024 A.13.1 - Network Security
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Physical Devices and Software Assets
SAMA CSF PR.IP-12 - Security Awareness and Training
SAMA CSF DE.CM-1 - Network Monitoring
SAMA CSF RS.MI-1 - Incident Response Planning
🟡 ISO 27001:2022
ISO 27001:2022 A.5.19 - Inventory of Information and Other Assets
ISO 27001:2022 A.8.2 - Configuration Management
ISO 27001:2022 A.8.8 - Management of Technical Vulnerabilities
ISO 27001:2022 A.12.2 - Restrictions on Information Access
🟣 PCI DSS v4.0.1
PCI DSS 2.4 - Document and Implement Configuration Standards
PCI DSS 6.2 - Ensure Security Patches are Installed
PCI DSS 11.2 - Run Automated Scanning Tools
🔗 References & Sources 5
🔗
https://pentagonal-time-3a7.notion.site/DIR-615-routing-command-injection-2f6e5dd4c5a58...
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://vuldb.com/?ctiid.344854
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://vuldb.com/?id.344854
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/?submit.748032
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://www.dlink.com/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
dlink:dir-615_firmware:4.10