ID

VAR-201906-0588


CVE

CVE-2019-12786


TITLE

Command injection vulnerability in D-Link DIR-818LW devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-005430

DESCRIPTION

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key. The D-Link DIR-818LW device contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-818LW is a wireless router from D-Link Corporation of Taiwan, China. The vulnerability stems from the fact that external input data is used to construct executable commands, and the network system or product does not properly filter special elements. An attacker could exploit the vulnerability to execute an illegal command.

Trust: 2.25

sources: NVD: CVE-2019-12786 // JVNDB: JVNDB-2019-005430 // CNVD: CNVD-2019-17124 // VULHUB: VHN-144567

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-17124

AFFECTED PRODUCTS

vendor: dlink
model: dir-818lw
scope: eq
version: 2.06b01

Trust: 1.0

vendor: dlink
model: dir-818lw
scope: eq
version: 2.05.b03

Trust: 1.0

vendor: d link
model: dir-818l
scope: eq
version: 2.05.b03 to 2.06b01 beta

Trust: 0.8

vendor: d link
model: dir-818lw >=2.05.b03,<=2.06b01 beta
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2019-17124 // JVNDB: JVNDB-2019-005430 // NVD: CVE-2019-12786

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12786
value: HIGH

Trust: 1.0

NVD: CVE-2019-12786
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-17124
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-358
value: HIGH

Trust: 0.6

VULHUB: VHN-144567
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12786
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-17124
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-144567
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12786
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-12786
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-17124 // VULHUB: VHN-144567 // JVNDB: JVNDB-2019-005430 // CNNVD: CNNVD-201906-358 // NVD: CVE-2019-12786

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-144567 // JVNDB: JVNDB-2019-005430 // NVD: CVE-2019-12786

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-358

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201906-358

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005430

PATCH

title: DIR-818LW
url: https://support.dlink.com/ProductInfo.aspx?m=DIR-818LW

Trust: 0.8

sources: JVNDB: JVNDB-2019-005430

EXTERNAL IDS

db: NVD, id: CVE-2019-12786

Trust: 3.1

db: JVNDB, id: JVNDB-2019-005430

Trust: 0.8

db: CNNVD, id: CNNVD-201906-358

Trust: 0.7

db: CNVD, id: CNVD-2019-17124

Trust: 0.6

db: VULHUB, id: VHN-144567

Trust: 0.1

sources: CNVD: CNVD-2019-17124 // VULHUB: VHN-144567 // JVNDB: JVNDB-2019-005430 // CNNVD: CNNVD-201906-358 // NVD: CVE-2019-12786

REFERENCES

url: https://github.com/teamseri0us/pocs/blob/master/iot/dlink/dir818-protected.pdf

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2019-12786

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12786

Trust: 0.8

sources: CNVD: CNVD-2019-17124 // VULHUB: VHN-144567 // JVNDB: JVNDB-2019-005430 // CNNVD: CNNVD-201906-358 // NVD: CVE-2019-12786

SOURCES

db: CNVD, id: CNVD-2019-17124
db: VULHUB, id: VHN-144567
db: JVNDB, id: JVNDB-2019-005430
db: CNNVD, id: CNNVD-201906-358
db: NVD, id: CVE-2019-12786

LAST UPDATE DATE

2024-11-23T23:01:49.130000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-17124, date: 2019-06-12T00:00:00
db: VULHUB, id: VHN-144567, date: 2019-06-11T00:00:00
db: JVNDB, id: JVNDB-2019-005430, date: 2019-06-20T00:00:00
db: CNNVD, id: CNNVD-201906-358, date: 2019-06-12T00:00:00
db: NVD, id: CVE-2019-12786, date: 2024-11-21T04:23:34.597

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-17124, date: 2019-06-12T00:00:00
db: VULHUB, id: VHN-144567, date: 2019-06-10T00:00:00
db: JVNDB, id: JVNDB-2019-005430, date: 2019-06-20T00:00:00
db: CNNVD, id: CNNVD-201906-358, date: 2019-06-10T00:00:00
db: NVD, id: CVE-2019-12786, date: 2019-06-10T18:29:00.643