CVE-2018-10822
D-Link Routers - Directory Traversal
Public Exploits: 3
Exploited in Wild: -
Decision: -
Descriptions
Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.
Multiple D-Link router models suffer from code execution, plain-text password storage, and directory traversal vulnerabilities.
SSVC
- Decision:-
Timeline
- 2018-05-08 CVE Reserved
- 2018-10-12 First Exploit
- 2018-10-17 CVE Published
- 2024-08-01 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (3)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/45678 | 2018-10-12 | |
http://sploit.tech/2018/10/12/D-Link.html | 2024-08-05 | |
https://seclists.org/fulldisclosure/2018/Oct/36 | 2024-08-05 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Dlink | Dwr-116 Firmware | <= 1.06 | - | Affected | in | Dlink | Dwr-116 | - | - | Safe |
Dlink | Dir-140l Firmware | <= 1.02 | - | Affected | in | Dlink | Dir-140l | - | - | Safe |
Dlink | Dir-640l Firmware | <= 1.02 | - | Affected | in | Dlink | Dir-640l | - | - | Safe |
Dlink | Dwr-512 Firmware | <= 2.02 | - | Affected | in | Dlink | Dwr-512 | - | - | Safe |
Dlink | Dwr-712 Firmware | <= 2.02 | - | Affected | in | Dlink | Dwr-712 | - | - | Safe |
Dlink | Dwr-912 Firmware | <= 2.02 | - | Affected | in | Dlink | Dwr-921 | - | - | Safe |
Dlink | Dwr-921 Firmware | <= 2.02 | - | Affected | in | Dlink | Dwr-921 | - | - | Safe |
Dlink | Dwr-111 Firmware | <= 1.01 | - | Affected | in | Dlink | Dwr-111 | - | - | Safe |