Details of VAR-201906-0589

ID

VAR-201906-0589

CVE

CVE-2019-12787

TITLE

D-Link DIR-818LW Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-17125 // CNNVD: CNNVD-201906-359

DESCRIPTION

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key. D-Link DIR-818LW Device with blinds XPath An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-818LW is a wireless router from D-Link Corporation of Taiwan, China. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command

Trust: 2.25

sources: NVD: CVE-2019-12787 // JVNDB: JVNDB-2019-005431 // CNVD: CNVD-2019-17125 // VULHUB: VHN-144568

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-17125

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-818lw	scope:	eq	version:	2.06b01	Trust: 1.0
vendor:	dlink	model:	dir-818lw	scope:	eq	version:	2.05.b03	Trust: 1.0
vendor:	d link	model:	dir-818l	scope:	eq	version:	2.05.b03 to 2.06b01 beta	Trust: 0.8
vendor:	d link	model:	dir-818lw >=2.05.b03,<=2.06b01 beta	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-17125 // JVNDB: JVNDB-2019-005431 // NVD: CVE-2019-12787

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12787
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-12787
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-17125
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201906-359
value:	HIGH
Trust: 0.6
VULHUB:	VHN-144568
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-12787
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-17125
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-144568
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-12787
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-12787
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-17125 // VULHUB: VHN-144568 // JVNDB: JVNDB-2019-005431 // CNNVD: CNNVD-201906-359 // NVD: CVE-2019-12787

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	CWE-91	Trust: 0.9

sources: VULHUB: VHN-144568 // JVNDB: JVNDB-2019-005431 // NVD: CVE-2019-12787

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-359

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201906-359

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005431

PATCH

title:

DIR-818LW

url:

https://support.dlink.com/ProductInfo.aspx?m=DIR-818LW

Trust: 0.8

sources: JVNDB: JVNDB-2019-005431

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12787	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-005431	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-359	Trust: 0.7
db:	CNVD	id:	CNVD-2019-17125	Trust: 0.6
db:	VULHUB	id:	VHN-144568	Trust: 0.1

sources: CNVD: CNVD-2019-17125 // VULHUB: VHN-144568 // JVNDB: JVNDB-2019-005431 // CNNVD: CNNVD-201906-359 // NVD: CVE-2019-12787

REFERENCES

url:	https://github.com/teamseri0us/pocs/blob/master/iot/dlink/dir818-2-protected.pdf	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12787	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12787	Trust: 0.8

sources: CNVD: CNVD-2019-17125 // VULHUB: VHN-144568 // JVNDB: JVNDB-2019-005431 // CNNVD: CNNVD-201906-359 // NVD: CVE-2019-12787

SOURCES

db:	CNVD	id:	CNVD-2019-17125
db:	VULHUB	id:	VHN-144568
db:	JVNDB	id:	JVNDB-2019-005431
db:	CNNVD	id:	CNNVD-201906-359
db:	NVD	id:	CVE-2019-12787

LAST UPDATE DATE

2024-11-23T22:21:36.034000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-17125	date:	2019-06-12T00:00:00
db:	VULHUB	id:	VHN-144568	date:	2019-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-005431	date:	2019-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201906-359	date:	2019-06-12T00:00:00
db:	NVD	id:	CVE-2019-12787	date:	2024-11-21T04:23:34.750

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-17125	date:	2019-06-12T00:00:00
db:	VULHUB	id:	VHN-144568	date:	2019-06-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-005431	date:	2019-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201906-359	date:	2019-06-10T00:00:00
db:	NVD	id:	CVE-2019-12787	date:	2019-06-10T18:29:00.707