D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.
References
Link | Resource |
---|---|
https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Information
Published : 2019-05-13 07:29
Updated : 2019-10-02 17:03
NVD link : CVE-2018-19987
Mitre link : CVE-2018-19987
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
d-link
- dir-880l
- dir-868l_firmware
- dir-818lw
- dir-822_firmware
- dir-868l
- dir-890l\/r
- dir-818lw_firmware
- dir-822
- dir-880l_firmware
- dir-860l_firmware
- dir-860l
- dir-890l\/r_firmware