Wouldn't the overlap between “people who run OpenWRT” and “people who use EOL D-Link routers” be "people who run OpenWRT on EOL D-Link routers"? The table of supported hardware at the OpenWRT site lists several D-Link models which can run the latest OpenWRT release, and several of them are marked as "discontinued" (that is, no longer sold), a few of them even being in that status for more than five years.
I don't know, I've installed OpenWRT on each device I've owned especially because their original firmware wasn't supported anymore (or crap to begin with).
Often because the cheap devices were either all I could afford or because I've even gotten them for free or basically free, like on flea markets.
It's also wrong. If the C code presented is accurate the URL would have to contain &name=%22;shell-command-to-run;%22, or perhaps &name=$(shell-command-to-run). name=%27;shell-command-to-run%27 is mostly harmless.
That's nit-picky I know, but when some dude on the internet is trying to get clicks via manufactured rage at incompetent programmers, it's kinda ironic his code is buggy too.
> The vulnerability is localized to the account_mgr.cgi script, particularly in the handling of the cgi_user_add command. The name parameter in this script does not adequately sanitize input, allowing for command execution.
which would be harmless, so clearly if the PoC says %27 then the real format string must be more like "adduser -u '%s' ...". Maybe the Youtuber reversed the wrong firmware. But nonetheless, the point is gotten across.
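The quoting argument in the comments above, as an added example that is not part of any comment in this thread and is not the firmware's code: a simplified POSIX sh quoting model that reports whether a `name` value leaves the quotes its command template put around it, plus an allowlist check. The double-quoted template is an assumption inferred from the thread, the single-quoted one is the string quoted above, and `escapes_quoting` and `valid_username` are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if `name`, substituted for the single %s in `fmt`, would reach
 * the shell outside the quoting the template intended (or the command cannot
 * be built). Simplified sh model: '...', "..." and backslash only. */
int escapes_quoting(const char *fmt, const char *name)
{
    char cmd[512];
    const char *slot = strstr(fmt, "%s");
    if (!slot || strlen(fmt) + strlen(name) >= sizeof cmd)
        return 1;
    size_t pre = (size_t)(slot - fmt);
    memcpy(cmd, fmt, pre);
    strcpy(cmd + pre, name);
    strcat(cmd, slot + 2);

    enum { NONE, SQ, DQ } q = NONE;
    for (const char *p = cmd; *p; p++) {
        if (q == SQ) { if (*p == '\'') q = NONE; continue; } /* all literal */
        if (*p == '\\' && p[1]) { p++; continue; }           /* escaped char */
        if (*p == '`' || (*p == '$' && p[1] == '('))
            return 1;              /* substitution is live inside "..." too */
        if (q == DQ) { if (*p == '"') q = NONE; continue; }
        if (*p == '\'') q = SQ;
        else if (*p == '"') q = DQ;
        else if (strchr(";|&<>\n", *p)) return 1;  /* unquoted metacharacter */
    }
    return q != NONE;                              /* unbalanced quote */
}

/* Allowlist: [a-z_][a-z0-9_-]{0,31}; reject everything else up front. */
int valid_username(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 32 || !(islower((unsigned char)s[0]) || s[0] == '_'))
        return 0;
    for (size_t i = 1; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(islower(c) || isdigit(c) || c == '_' || c == '-')) return 0;
    }
    return 1;
}

int main(void)
{
    const char *v = "';shell-command-to-run;'";  /* name=%27;...;%27 decoded */
    printf("dq=%d sq=%d valid=%d\n", escapes_quoting("adduser -u \"%s\"", v),
           escapes_quoting("adduser -u '%s'", v), valid_username(v));
    return 0;
}
```

The allowlist is the check to keep; the more robust fix is to pass the value as a separate argv element to an exec-family call so that no shell parses it at all.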
Haha similar story. I used to deliver pizzas and worked with a pretty rough crowd. Once I locked my car while it was running and had a bunch of deliveries. One of the cooks unlocked it in about five seconds.
There are a lot of companies that probably don’t have “official” partnerships with the govt but absolutely help them, like every social media company, OS maker, telecom, auto maker, and ISP.