CVE-2018-5371

diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.
References
Link Resource
https://www.iplantom.com/2018/01/10/dsl2640U/ Exploit Technical Description Third Party Advisory URL Repurposed
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:d-link:dsl-2540u_firmware:me_1.00:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-2540u:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:d-link:dsl-2640u_firmware:im_1.00:*:*:*:*:*:*:*
cpe:2.3:o:d-link:dsl-2640u_firmware:me_1.00:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-2640u:-:*:*:*:*:*:*:*

History

14 Feb 2024, 01:17

Type Values Removed Values Added
References () https://www.iplantom.com/2018/01/10/dsl2640U/ - Exploit, Technical Description, Third Party Advisory () https://www.iplantom.com/2018/01/10/dsl2640U/ - Exploit, Technical Description, Third Party Advisory, URL Repurposed

26 Apr 2023, 18:55

Type Values Removed Values Added
CPE cpe:2.3:h:d-link:dsl-2640u:-:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dsl-2540u:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-2640u:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-2540u:-:*:*:*:*:*:*:*

Information

Published : 2018-01-12 09:29

Updated : 2024-02-14 01:17


NVD link : CVE-2018-5371

Mitre link : CVE-2018-5371

CVE.ORG link : CVE-2018-5371


JSON object : View

Products Affected

dlink

  • dsl-2640u
  • dsl-2540u

d-link

  • dsl-2540u_firmware
  • dsl-2640u_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')