Different D-Link Routers are vulnerable to OS command injection via UPnP Multicast requests. This Metasploit module has been tested on DIR-300 and DIR-645 devices. Zacharia Cutlip has initially reported the DIR-815 vulnerable. Probably there are other devices also affected.
fa69b72b39331733dc17d58a1b790184d23e6c23fa2a9e676f656d47d0fcd96f