5 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key. Se descubrió un error en los dispositivos D-Link DIR-818LW desde 2.05.B03 hasta 2.06B01 BETA, Hay una inyección de comandos en HNAP1 SetWanSettings a través de una inyección XML de los valores de la clave de Gateway • https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/dir818-2-protected.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key. Se descubrió un error en los dispositivos D-Link DIR-818LW desde 2.05.B03 hasta 2.06B01 BETA. Hay una inyección de comandos en HNAP1 SetWanSetting mediante una inyección XML de los valor de la clave IPAddress. • https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/dir818-protected.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 10.0EPSS: 58%CPEs: 13EXPL: 1

D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string. Se descubrió un problema en los dispositivos de D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA, manejan incorrectamente el parámetro IsAccessPoint en el archivo /HNAP1/SetAccessPointMode. • https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 1

In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. • https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1

On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530. En los dispositivos DIR-818LW Rev.A 2.05.B03 y DIR-860L Rev.B 2.03.B03 de D-Link, la ejecución remota de comandos del sistema operativo podría ocurrir en el servicio de soap.cgi del binario cgibin mediante una subcadena "" en el parámetro "service". NOTA: este problema existe debido a una solución incompleta para CVE-2018-6530. • https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-20114 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •