Details of VAR-201905-1157

ID

VAR-201905-1157

CVE

CVE-2018-19986

TITLE

DIR-818LW and DIR-822 Command injection vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-015436

DESCRIPTION

In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string. DIR-818LW and DIR-822 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-822 and so on are all wireless routers produced by Taiwan D-Link Company. There is an operating system command injection vulnerability in /HNAP1/SetAccessPointMode in several D-Link products. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands. The following products and versions are affected: D-Link DIR-822 Rev.B 202KRb06; DIR-822 Rev.C 3.10B06; DIR-860L Rev.B 2.03.B03; DIR-868L Rev.B 2.05B02; DIR-880L Rev.A 1.20B01_01_i3se_BETA, version; DIR-890L Rev.A 1.21B02_BETA version

Trust: 2.16

sources: NVD: CVE-2018-19986 // JVNDB: JVNDB-2018-015436 // VULHUB: VHN-130700 // VULHUB: VHN-130701 // VULHUB: VHN-130702 // VULHUB: VHN-130703 // VULHUB: VHN-130705 // VULMON: CVE-2018-19986

AFFECTED PRODUCTS

vendor:	d link	model:	dir-818lw	scope:	eq	version:	2.05.b03	Trust: 1.0
vendor:	d link	model:	dir-822	scope:	eq	version:	202krb06	Trust: 1.0
vendor:	d link	model:	dir-818l	scope:	eq	version:	2.05.b03	Trust: 0.8
vendor:	d link	model:	dir-822	scope:	eq	version:	b1 202krb06	Trust: 0.8

sources: JVNDB: JVNDB-2018-015436 // NVD: CVE-2018-19986

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19986
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-19986
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201905-305
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-130700
value:	HIGH
Trust: 0.1
VULHUB:	VHN-130701
value:	HIGH
Trust: 0.1
VULHUB:	VHN-130702
value:	HIGH
Trust: 0.1
VULHUB:	VHN-130703
value:	HIGH
Trust: 0.1
VULHUB:	VHN-130705
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-19986
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-19986
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-130700
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-130701
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-130702
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-130703
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-130705
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19986
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-130700 // VULHUB: VHN-130701 // VULHUB: VHN-130702 // VULHUB: VHN-130703 // VULHUB: VHN-130705 // VULMON: CVE-2018-19986 // JVNDB: JVNDB-2018-015436 // CNNVD: CNNVD-201905-305 // NVD: CVE-2018-19986

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.5
problemtype:	CWE-77	Trust: 1.3

sources: VULHUB: VHN-130700 // VULHUB: VHN-130701 // VULHUB: VHN-130702 // VULHUB: VHN-130703 // VULHUB: VHN-130705 // JVNDB: JVNDB-2018-015436 // NVD: CVE-2018-19986

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-305

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201905-305

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015436

PATCH

title:	DIR-818LW	url:	https://support.dlink.com/ProductInfo.aspx?m=DIR-818LW,	Trust: 0.8
title:	DIR-822	url:	http://www.mydlink.co.kr/2013/beta_board/product_detail.php?no=205&model=DIR-822	Trust: 0.8
title:	blogpost_cve-2018-19987-analysis	url:	https://github.com/nahueldsanchez/blogpost_cve-2018-19987-analysis	Trust: 0.1
title:	dir2md	url:	https://github.com/XinRoom/dir2md	Trust: 0.1
title:	FirmAE	url:	https://github.com/pr0v3rbs/FirmAE	Trust: 0.1
title:	-	url:	https://github.com/sinword/FirmAE_Connlab	Trust: 0.1
title:	SecBooks	url:	https://github.com/SexyBeast233/SecBooks	Trust: 0.1

sources: VULMON: CVE-2018-19986 // JVNDB: JVNDB-2018-015436

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19986	Trust: 3.0
db:	JVNDB	id:	JVNDB-2018-015436	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-305	Trust: 0.7
db:	VULHUB	id:	VHN-130700	Trust: 0.1
db:	CNNVD	id:	CNNVD-201905-309	Trust: 0.1
db:	VULHUB	id:	VHN-130701	Trust: 0.1
db:	CNNVD	id:	CNNVD-201905-307	Trust: 0.1
db:	VULHUB	id:	VHN-130702	Trust: 0.1
db:	CNNVD	id:	CNNVD-201905-308	Trust: 0.1
db:	VULHUB	id:	VHN-130703	Trust: 0.1
db:	CNNVD	id:	CNNVD-201905-313	Trust: 0.1
db:	VULHUB	id:	VHN-130705	Trust: 0.1
db:	VULMON	id:	CVE-2018-19986	Trust: 0.1

REFERENCES

url:	https://github.com/pr0v3rbs/cve/tree/master/cve-2018-19986%20-%2019990	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19986	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19986	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://github.com/nahueldsanchez/blogpost_cve-2018-19987-analysis	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

SOURCES

db:	VULHUB	id:	VHN-130700
db:	VULHUB	id:	VHN-130701
db:	VULHUB	id:	VHN-130702
db:	VULHUB	id:	VHN-130703
db:	VULHUB	id:	VHN-130705
db:	VULMON	id:	CVE-2018-19986
db:	JVNDB	id:	JVNDB-2018-015436
db:	CNNVD	id:	CNNVD-201905-305
db:	NVD	id:	CVE-2018-19986

LAST UPDATE DATE

2024-11-23T21:37:16.480000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-130700	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-130701	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-130702	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-130703	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-130705	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2018-19986	date:	2023-04-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-015436	date:	2019-06-04T00:00:00
db:	CNNVD	id:	CNNVD-201905-305	date:	2020-05-22T00:00:00
db:	NVD	id:	CVE-2018-19986	date:	2024-11-21T03:58:56.683

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-130700	date:	2019-05-13T00:00:00
db:	VULHUB	id:	VHN-130701	date:	2019-05-13T00:00:00
db:	VULHUB	id:	VHN-130702	date:	2019-05-13T00:00:00
db:	VULHUB	id:	VHN-130703	date:	2019-05-13T00:00:00
db:	VULHUB	id:	VHN-130705	date:	2019-05-13T00:00:00
db:	VULMON	id:	CVE-2018-19986	date:	2019-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-015436	date:	2019-06-04T00:00:00
db:	CNNVD	id:	CNNVD-201905-305	date:	2019-05-13T00:00:00
db:	NVD	id:	CVE-2018-19986	date:	2019-05-13T14:29:01.143