CVE-2018-19987 — CRITICAL (9.8)

Vulnerability Description

D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
D-Link	Dir-818Lw Firmware	2.05.b03
Dlink	Dir-818Lw	-
D-Link	Dir-822 Firmware	202krb06
Dlink	Dir-822 Firmware	3.10b06
Dlink	Dir-822	-
D-Link	Dir-860L Firmware	2.03.b03
Dlink	Dir-860L	-
D-Link	Dir-868L Firmware	2.05b02
Dlink	Dir-868L	-
D-Link	Dir-880L Firmware	1.20b01_01_i3se
Dlink	Dir-880L	-
D-Link	Dir-890L\/R Firmware	1.21b02
Dlink	Dir-890L\/R	-

Related Weaknesses (CWE)

CWE-78

References

https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990ExploitThird Party Advisory
https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990ExploitThird Party Advisory

FAQ

What is CVE-2018-19987?

CVE-2018-19987 is a vulnerability with a CVSS score of 9.8 (CRITICAL). D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPo...

How severe is CVE-2018-19987?

CVE-2018-19987 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-19987?

Check the references section above for vendor advisories and patch information. Affected products include: D-Link Dir-818Lw Firmware, Dlink Dir-818Lw, D-Link Dir-822 Firmware, Dlink Dir-822 Firmware, Dlink Dir-822.