CVE-2018-19988 — CRITICAL (9.8)

Vulnerability Description

In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the '`telnetd`' string.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
D-Link	Dir-868L Firmware	2.05b02
Dlink	Dir-868L	-

Related Weaknesses (CWE)

CWE-78

References

https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990ExploitThird Party Advisory
https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990ExploitThird Party Advisory

FAQ

What is CVE-2018-19988?

CVE-2018-19988 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php sou...

How severe is CVE-2018-19988?

CVE-2018-19988 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-19988?

Check the references section above for vendor advisories and patch information. Affected products include: D-Link Dir-868L Firmware, Dlink Dir-868L.