CVE-2018-10823

An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.

CVSS v3.0 8.8 HIGH
CVSS v2.0 9.0 HIGH

8.8^/10

CVSS v3.0 : HIGH

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://seclists.org/fulldisclosure/2018/Oct/36	Exploit Mailing List Third Party Advisory
http://sploit.tech/2018/10/12/D-Link.html	Exploit Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:d-link:dwr-116_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:d-link:dwr-116:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:d-link:dwr-512_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:d-link:dwr-512:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:d-link:dwr-912_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:d-link:dwr-912:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:d-link:dwr-111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:d-link:dwr-111:-:*:*:*:*:*:*:*

Information

Published : 2018-10-17 07:29

Updated : 2019-10-02 17:03

NVD link : CVE-2018-10823

Mitre link : CVE-2018-10823

JSON object : View

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

Products Affected

d-link

dwr-116
dwr-512_firmware
dwr-912_firmware
dwr-111
dwr-912
dwr-116_firmware
dwr-512
dwr-111_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://seclists.org/fulldisclosure/2018/Oct/36", "name": "20181012 Multiple vulnerabilities in D-Link routers", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://sploit.tech/2018/10/12/D-Link.html", "name": "http://sploit.tech/2018/10/12/D-Link.html", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-78"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-10823", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2018-10-17T14:29Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:d-link:dwr-116_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.06"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:d-link:dwr-116:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:d-link:dwr-512_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.02"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:d-link:dwr-512:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:d-link:dwr-912_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.02"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:d-link:dwr-912:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:d-link:dwr-111_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.01"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:d-link:dwr-111:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-03T00:03Z"}