CVE-2018-19987
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.
Se descubrió un problema en los dispositivos de D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA, manejan incorrectamente el parámetro IsAccessPoint en el archivo /HNAP1/SetAccessPointMode. En el código fuente SetAccessPointMode.php, el parámetro IsAccessPoint es almacenado en el archivo de script ShellPath sin ninguna comprobación regex. después que se ejecute el archivo de script, se ocurre la inyección de comandos. Un mensaje XML vulnerable /HNAP1/SetAccessPointMode podría tener metacaracteres shell en el elemento IsAccessPoint, como la cadena `telnetd`.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-09 CVE Reserved
- 2019-05-13 CVE Published
- 2023-08-22 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| D-link Search vendor "D-link" | Dir-818lw Firmware Search vendor "D-link" for product "Dir-818lw Firmware" | 2.05.b03 Search vendor "D-link" for product "Dir-818lw Firmware" and version "2.05.b03" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-818lw Search vendor "Dlink" for product "Dir-818lw" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dir-822 Firmware Search vendor "D-link" for product "Dir-822 Firmware" | 202krb06 Search vendor "D-link" for product "Dir-822 Firmware" and version "202krb06" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-822 Search vendor "Dlink" for product "Dir-822" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-822 Firmware Search vendor "Dlink" for product "Dir-822 Firmware" | 3.10b06 Search vendor "Dlink" for product "Dir-822 Firmware" and version "3.10b06" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-822 Search vendor "Dlink" for product "Dir-822" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dir-860l Firmware Search vendor "D-link" for product "Dir-860l Firmware" | 2.03.b03 Search vendor "D-link" for product "Dir-860l Firmware" and version "2.03.b03" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-860l Search vendor "Dlink" for product "Dir-860l" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dir-868l Firmware Search vendor "D-link" for product "Dir-868l Firmware" | 2.05b02 Search vendor "D-link" for product "Dir-868l Firmware" and version "2.05b02" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-868l Search vendor "Dlink" for product "Dir-868l" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dir-880l Firmware Search vendor "D-link" for product "Dir-880l Firmware" | 1.20b01_01_i3se Search vendor "D-link" for product "Dir-880l Firmware" and version "1.20b01_01_i3se" | beta |
Affected
| in | Dlink Search vendor "Dlink" | Dir-880l Search vendor "Dlink" for product "Dir-880l" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dir-890l\/r Firmware Search vendor "D-link" for product "Dir-890l\/r Firmware" | 1.21b02 Search vendor "D-link" for product "Dir-890l\/r Firmware" and version "1.21b02" | beta |
Affected
| in | Dlink Search vendor "Dlink" | Dir-890l\/r Search vendor "Dlink" for product "Dir-890l\/r" | - | - |
Safe
|