D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.
References
Link | Resource |
---|---|
https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
26 Apr 2023, 19:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:d-link:dir-822:-:*:*:*:*:*:*:* cpe:2.3:o:d-link:dir-822_firmware:3.10b06:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-868l:-:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-890l\/r:-:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-860l:-:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-818lw:-:*:*:*:*:*:*:* |
cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-818lw:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-890l\/r:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-822_firmware:3.10b06:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:* |
Information
Published : 2019-05-13 14:29
Updated : 2024-02-04 20:20
NVD link : CVE-2018-19987
Mitre link : CVE-2018-19987
CVE.ORG link : CVE-2018-19987
JSON object : View
Products Affected
d-link
- dir-860l_firmware
- dir-822_firmware
- dir-890l\/r_firmware
- dir-880l_firmware
- dir-818lw_firmware
- dir-868l_firmware
dlink
- dir-868l
- dir-818lw
- dir-860l
- dir-890l\/r
- dir-822_firmware
- dir-880l
- dir-822
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')