Sign-up

ID

VAR-201803-1769


CVE

CVE-2018-6530


TITLE

plural D-Link In product OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002681

DESCRIPTION

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. plural D-Link The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-880L and others are all wireless router products of D-Link. An operating system command injection vulnerability exists in the soap.cgi file in several D-Link products. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands with the help of the \342\200\230service\342\200\231 parameter. The following products and versions are affected: DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and earlier; DIR-868L DIR868LA1_FW112b04 and earlier; DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L and earlier DIR410b_

Trust: 2.34

sources: NVD: CVE-2018-6530 // JVNDB: JVNDB-2018-002681 // CNVD: CNVD-2018-06671 // VULHUB: VHN-136562 // VULMON: CVE-2018-6530

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-06671

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-865lscope:lteversion:reva_firmware_patch_1.08.b01

Trust: 1.0

vendor:dlinkmodel:dir-868lscope:lteversion:a1_fw112b04

Trust: 1.0

vendor:dlinkmodel:dir-880lscope:lteversion:reva_firmware_patch_1.08b04

Trust: 1.0

vendor:dlinkmodel:dir-860lscope:lteversion:a1_fw110b04

Trust: 1.0

vendor:d linkmodel:dir-860lscope:lteversion:dir860la1_fw110b04

Trust: 0.8

vendor:d linkmodel:dir-865lscope:lteversion:dir-865l_reva_firmware_patch_1.08.b01

Trust: 0.8

vendor:d linkmodel:dir-868lscope:lteversion:dir868la1_fw112b04

Trust: 0.8

vendor:d linkmodel:dir-880lscope:lteversion:dir-880l_reva_firmware_patch_1.08b04

Trust: 0.8

vendor:d linkmodel:dir-880l <dir-880l reva patch 1.08b04scope: - version: -

Trust: 0.6

vendor:d linkmodel:dir-860l <=dir860la1 fw110b04scope: - version: -

Trust: 0.6

vendor:d linkmodel:dir-865l <=dir-865l reva patch 1.08.b01scope: - version: -

Trust: 0.6

vendor:d linkmodel:dir-860lscope:eqversion:a1_fw110b04

Trust: 0.6

vendor:d linkmodel:dir-865lscope:eqversion:reva_firmware_patch_1.08.b01

Trust: 0.6

vendor:d linkmodel:dir-868lscope:eqversion:a1_fw112b04

Trust: 0.6

vendor:d linkmodel:dir-880lscope:eqversion:reva_firmware_patch_1.08b04

Trust: 0.6

sources: CNVD: CNVD-2018-06671 // JVNDB: JVNDB-2018-002681 // CNNVD: CNNVD-201803-149 // NVD: CVE-2018-6530

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6530
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-6530
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-06671
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-149
value: CRITICAL

Trust: 0.6

VULHUB: VHN-136562
value: HIGH

Trust: 0.1

VULMON: CVE-2018-6530
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-6530
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-06671
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-136562
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-6530
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-6530
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-06671 // VULHUB: VHN-136562 // VULMON: CVE-2018-6530 // JVNDB: JVNDB-2018-002681 // CNNVD: CNNVD-201803-149 // NVD: CVE-2018-6530

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-136562 // JVNDB: JVNDB-2018-002681 // NVD: CVE-2018-6530

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-149

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201803-149

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002681

PATCH
title:DIR-860L Firmware Patch Notesurl:ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf
Trust: 0.8
title:DIR-865L Firmware Patch Notesurl:ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf
Trust: 0.8
title:DIR-868L Firmware Patch Notesurl:ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf
Trust: 0.8
title:DIR-880L Firmware Patch Notesurl:ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf
Trust: 0.8
title:Patches for multiple D-Link product operating system command injection vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/124231
Trust: 0.6
title: - url:https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto 
Trust: 0.1
title:EQUAFL_setup
USAGE
EQUAFL++
AFLPlusplus
Server
COMMAND INJECTION INFO
root cause analysisurl:https://github.com/zyw-200/EQUAFL_setup 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-06671 // 
            
            
            
            VULMON: CVE-2018-6530 // 
            
            
            
            JVNDB: JVNDB-2018-002681

EXTERNAL IDS
db:NVDid:CVE-2018-6530
Trust: 3.2
db:JVNDBid:JVNDB-2018-002681
Trust: 0.8
db:CNVDid:CNVD-2018-06671
Trust: 0.6
db:CNNVDid:CNNVD-201803-149
Trust: 0.6
db:VULHUBid:VHN-136562
Trust: 0.1
db:VULMONid:CVE-2018-6530
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-06671 // 
            
            
            
            VULHUB: VHN-136562 // 
            
            
            
            VULMON: CVE-2018-6530 // 
            
            
            
            JVNDB: JVNDB-2018-002681 // 
            
            
            
            CNNVD: CNNVD-201803-149 // 
            
            
            
            NVD: CVE-2018-6530

REFERENCES
url:https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto
Trust: 2.5
url:ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf
Trust: 1.2
url:ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf
Trust: 1.2
url:ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf
Trust: 1.2
url:ftp://ftp2.dlink.com/security_advisements/dir-880l/reva/dir-880l_reva_firmware_patch_notes_1.08b06_en_ww.pdf
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6530
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-6530
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/zyw-200/equafl_setup
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-06671 // 
            
            
            
            VULHUB: VHN-136562 // 
            
            
            
            VULMON: CVE-2018-6530 // 
            
            
            
            JVNDB: JVNDB-2018-002681 // 
            
            
            
            CNNVD: CNNVD-201803-149 // 
            
            
            
            NVD: CVE-2018-6530

SOURCES
db:CNVDid:CNVD-2018-06671
db:VULHUBid:VHN-136562
db:VULMONid:CVE-2018-6530
db:JVNDBid:JVNDB-2018-002681
db:CNNVDid:CNNVD-201803-149
db:NVDid:CVE-2018-6530

LAST UPDATE DATE
2024-11-23T22:22:11.452000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-06671date:2018-03-29T00:00:00
db:VULHUBid:VHN-136562date:2018-03-27T00:00:00
db:VULMONid:CVE-2018-6530date:2023-11-08T00:00:00
db:JVNDBid:JVNDB-2018-002681date:2018-04-24T00:00:00
db:CNNVDid:CNNVD-201803-149date:2023-04-27T00:00:00
db:NVDid:CVE-2018-6530date:2024-11-21T04:10:50.700

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-06671date:2018-03-29T00:00:00
db:VULHUBid:VHN-136562date:2018-03-06T00:00:00
db:VULMONid:CVE-2018-6530date:2018-03-06T00:00:00
db:JVNDBid:JVNDB-2018-002681date:2018-04-24T00:00:00
db:CNNVDid:CNNVD-201803-149date:2018-03-07T00:00:00
db:NVDid:CVE-2018-6530date:2018-03-06T20:29:00.987