CVE-2018-19987

Published May 13, 2019

Last updated 2 years ago

CVSS critical 9.8

Overview

Description: D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dir-818lw_firmware:2.05.b03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A1B5838-62C0-4836-861C-8E99DD280154"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-818lw:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4725FC82-72B5-4EAB-91C6-D32194C5D4F9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dir-822_firmware:202krb06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5224FC0A-44C6-4C4D-8EEC-BBA7BA13DF3D"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dir-822_firmware:3.10b06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB427709-D236-4CA6-851C-95323D53DBEB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dir-860l_firmware:2.03.b03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54EA5944-7DCB-4D20-894F-D5A291684EAF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CCDB9720-8F5A-4F02-A436-920CDAC15D69"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dir-868l_firmware:2.05b02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21680BA3-2C38-4E14-97F4-480F5B6EC3FB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dir-880l_firmware:1.20b01_01_i3se:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFE416FB-A5D4-4383-B1E5-5DB8F93A3233"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CC772491-6371-4712-B358-E74D9C5062FD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:d-link:dir-890l\\/r_firmware:1.21b02:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41488604-8598-4929-9F2E-049CBE7B30F1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-890l\\/r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8F65AC17-E770-4711-9D81-D7D76D5D66BF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References