Vulnerability Description
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting a shell command into the Sip parameter of the chkisg.htm page. This allows for full control over the device internals.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| D-Link | DWR-116 Firmware | <= 1.06 |
| D-Link | DWR-116 | - |
| D-Link | DWR-512 Firmware | <= 2.02 |
| D-Link | DWR-512 | - |
| D-Link | DWR-912 Firmware | <= 2.02 |
| D-Link | DWR-921 | - |
| D-Link | DWR-111 Firmware | <= 1.01 |
| D-Link | DWR-111 | - |
Related Weaknesses (CWE)
References
- http://sploit.tech/2018/10/12/D-Link.html (Exploit, Third Party Advisory)
- https://seclists.org/fulldisclosure/2018/Oct/36 (Exploit, Mailing List, Third Party Advisory)
FAQ
What is CVE-2018-10823?
CVE-2018-10823 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attac...
How severe is CVE-2018-10823?
CVE-2018-10823 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-10823?
Check the references section above for vendor advisories and patch information. Affected products include: D-Link DWR-116 Firmware, D-Link DWR-116, D-Link DWR-512 Firmware, D-Link DWR-512, D-Link DWR-912 Firmware.