CVE-2018-19988

CWE-78 — OS Command Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

25.5%

top 3.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dir-868l Firmware

Timeline

PublishedMay 13

Latest updateMay 24

Description

In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message coul…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDd-link/dir-868l_firmware2.05b02

🔴Vulnerability Details

GHSA

GHSA-cmxx-h695-3r7r: In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev↗2022-05-24

▶

CVEList

CVE-2018-19988: In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev↗2019-05-13

▶