Key Information 1. Vulnerability Overview Affected Product: D-Link DIR-823G Router Firmware Version: DIR823G_V1.0.2B05_20181207.bin (other versions need verification) Vulnerability Type: Command Injection Vulnerable Components: and binary files Prerequisites: Requires write access to the content of or the filesystem (local or remote) 2. Exploitation Path 3. Vulnerable Binary Files timelycheck and sysconf: This vulnerability exists independently in two binary files and does not cross binary boundaries. 4. 0-Day Command Injection Exploitation Path Line 14: reads content from . The code only checks the prefix using or , with no escaping or filtering. The input is then concatenated at line 20 via and ultimately passed to at line 36, leading to a command injection vulnerability. Line 14: reads content from . The code only checks the prefix using or , with no escaping or filtering. The input is then concatenated at line 21 via and ultimately passed to at line 36, leading to a command injection vulnerability. 5. Proof of Concept (PoC) ```bash Create a malicious configuration file echo "eth0; ls > /tmp/result.txt" > /var/system/linux_vlan_reinit echo "wlan0; ls > /tmp/result.txt" >> /var/system/linux_vlan_reinit