Sign-up

ID

VAR-201907-0707


CVE

CVE-2019-13481


TITLE

D-Link DIR-818LW Command injection vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-006233

DESCRIPTION

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings. D-Link DIR-818LW The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-818LW is a wireless router from D-Link Corporation of Taiwan, China. A command injection vulnerability exists in HNAP1 in D-LinkDIR-818LW using firmware version 2.06betab01. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. D-Link DIR-818LW is prone to multiple command-injection vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 2.52

sources: NVD: CVE-2019-13481 // JVNDB: JVNDB-2019-006233 // CNVD: CNVD-2019-22213 // BID: 109131 // VULHUB: VHN-145332

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-22213

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-818lwscope:eqversion:2.06

Trust: 1.0

vendor:d linkmodel:dir-818lw 2.06betab01scope: - version: -

Trust: 0.9

vendor:d linkmodel:dir-818lscope:eqversion:2.06betab01

Trust: 0.8

sources: CNVD: CNVD-2019-22213 // BID: 109131 // JVNDB: JVNDB-2019-006233 // NVD: CVE-2019-13481

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13481
value: HIGH

Trust: 1.0

NVD: CVE-2019-13481
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-22213
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-601
value: HIGH

Trust: 0.6

VULHUB: VHN-145332
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-13481
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-22213
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-145332
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13481
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13481
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-22213 // VULHUB: VHN-145332 // JVNDB: JVNDB-2019-006233 // CNNVD: CNNVD-201907-601 // NVD: CVE-2019-13481

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-145332 // JVNDB: JVNDB-2019-006233 // NVD: CVE-2019-13481

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-601

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201907-601

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006233

PATCH
title:Top Pageurl:http://www.dlink.lt/en/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-006233

EXTERNAL IDS
db:NVDid:CVE-2019-13481
Trust: 3.4
db:BIDid:109131
Trust: 2.6
db:JVNDBid:JVNDB-2019-006233
Trust: 0.8
db:CNVDid:CNVD-2019-22213
Trust: 0.6
db:CNNVDid:CNNVD-201907-601
Trust: 0.6
db:VULHUBid:VHN-145332
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-22213 // 
            
            
            
            VULHUB: VHN-145332 // 
            
            
            
            BID: 109131 // 
            
            
            
            JVNDB: JVNDB-2019-006233 // 
            
            
            
            CNNVD: CNNVD-201907-601 // 
            
            
            
            NVD: CVE-2019-13481

REFERENCES
url:https://github.com/teamseri0us/pocs/blob/master/iot/dlink/dir818-3.pdf
Trust: 2.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-13481
Trust: 2.0
url:http://www.securityfocus.com/bid/109131
Trust: 1.7
url:http://www.dlink.com/
Trust: 0.9
url:https://github.com/teamseri0us/pocs/blob/master/iot/dlink/dir818-4.pdf
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13481
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-22213 // 
            
            
            
            VULHUB: VHN-145332 // 
            
            
            
            BID: 109131 // 
            
            
            
            JVNDB: JVNDB-2019-006233 // 
            
            
            
            CNNVD: CNNVD-201907-601 // 
            
            
            
            NVD: CVE-2019-13481

CREDITS
TeamSeri0us
Trust: 0.9
sources:
            
            
            BID: 109131 // 
            
            
            
            CNNVD: CNNVD-201907-601

SOURCES
db:CNVDid:CNVD-2019-22213
db:VULHUBid:VHN-145332
db:BIDid:109131
db:JVNDBid:JVNDB-2019-006233
db:CNNVDid:CNNVD-201907-601
db:NVDid:CVE-2019-13481

LAST UPDATE DATE
2024-11-23T22:25:54.032000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-22213date:2019-07-12T00:00:00
db:VULHUBid:VHN-145332date:2020-08-24T00:00:00
db:BIDid:109131date:2019-07-10T00:00:00
db:JVNDBid:JVNDB-2019-006233date:2019-07-17T00:00:00
db:CNNVDid:CNNVD-201907-601date:2020-10-28T00:00:00
db:NVDid:CVE-2019-13481date:2024-11-21T04:24:59.233

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-22213date:2019-07-12T00:00:00
db:VULHUBid:VHN-145332date:2019-07-10T00:00:00
db:BIDid:109131date:2019-07-10T00:00:00
db:JVNDBid:JVNDB-2019-006233date:2019-07-17T00:00:00
db:CNNVDid:CNNVD-201907-601date:2019-07-10T00:00:00
db:NVDid:CVE-2019-13481date:2019-07-10T20:15:12.483