Overview
- Description
- OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Known exploits
Data from CISA
- Vulnerability name
- D-Link Multiple Routers OS Command Injection Vulnerability
- Exploit added on
- Sep 8, 2022
- Exploit action due
- Sep 29, 2022
- Required action
- The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use.
Weaknesses
- nvd@nist.gov
- CWE-78
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3887A644-753A-4CA3-9D79-0718057EEB3B",
"versionEndIncluding": "a1_fw110b04"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CCDB9720-8F5A-4F02-A436-920CDAC15D69"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0624940E-9466-40BA-97E4-648537A092C0",
"versionEndIncluding": "reva_firmware_patch_1.08.b01"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE2D4824-B834-41EA-8F70-AF12720030C9",
"versionEndIncluding": "a1_fw112b04"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E9B68DE-D3A7-4973-9D47-7203B2190F82",
"versionEndIncluding": "reva_firmware_patch_1.08b04"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CC772491-6371-4712-B358-E74D9C5062FD"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]