CVE-2018-19989
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth internal configuration memory without any regex checking. And in the bwc_tc_spq_start, bwc_tc_wfq_start, and bwc_tc_adb_start functions of the bwcsvcs.php source code, the data in /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth is used with the tc command without any regex checking. A vulnerable /HNAP1/SetQoSSettings XML message could have shell metacharacters in the uplink element such as the `telnetd` string.
En el mensaje HNAP1/SetQoSSettings, el parámetro uplink es vulnerable y la vulnerabilidad afecta a los dispositivos D-Link DIR-822 Rev.B 202KRb06 y DIR-822 Rev.C 3.10B06. En el código fuente del archivo SetQoSSettings.php, el parámetro uplink se guarda en la memoria de configuración interna del /bwc/entry:1/bandwitch y /bwc/entry:2/bandwitch sin ninguna comprobación regex. Y en las funciones bwc_tc_spq_start, bwc_tc_wfq_start y bwc_tc_adb_start del código fuente de bwcsvcs.php, los datos en /bwc/entry:1/bandwidth y /bwc/entry:2/bandwidth se usan para el comando tc. Un mensaje XML vulnerable /HNAP1/ SetQoSSettings podría tener metacaracteres shell en el elemento uplink, como la cadena `telnetd`.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-09 CVE Reserved
- 2019-05-13 CVE Published
- 2023-04-27 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
D-link Search vendor "D-link" | Dir-822 Firmware Search vendor "D-link" for product "Dir-822 Firmware" | 202krb06 Search vendor "D-link" for product "Dir-822 Firmware" and version "202krb06" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-822 Search vendor "Dlink" for product "Dir-822" | - | - |
Safe
|
Dlink Search vendor "Dlink" | Dir-822 Firmware Search vendor "Dlink" for product "Dir-822 Firmware" | 3.10b06 Search vendor "Dlink" for product "Dir-822 Firmware" and version "3.10b06" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-822 Search vendor "Dlink" for product "Dir-822" | - | - |
Safe
|