description

Author: m-1-k-3

modules/exploits/linux/http/dlink_dir615_up_exec.rb

@@ -17,8 +17,14 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'        => 'Dlink DIR615 Command Execution - Upload and Execute',
+			'Name'        => 'D-Link DIR615h Command Execution - Upload and Execute',
 			'Description' => %q{
+					Some D-Link Routers are vulnerable to an authenticated OS command injection.
+				Default credentials for the web interface are admin/admin or admin/password. Since
+				it is a blind os command injection vulnerability, there is no output for the
+				executed command when using the cmd generic payload. A ping command against a
+				controlled system could be used for testing purposes. The exploit uses the wget
+				client from the device to download the payload.
 			},
 			'Author'      =>
 				[