Sign-up

ID

VAR-201907-0708


CVE

CVE-2019-13482


TITLE

D-Link DIR-818LW Command injection vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-006234

DESCRIPTION

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings. D-Link DIR-818LW The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-818LW is a wireless router from D-Link Corporation of Taiwan, China. A command injection vulnerability exists in HNAP1 in D-LinkDIR-818LW using firmware version 2.06betab01. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. D-Link DIR-818LW is prone to multiple command-injection vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 2.52

sources: NVD: CVE-2019-13482 // JVNDB: JVNDB-2019-006234 // CNVD: CNVD-2019-22226 // BID: 109131 // VULHUB: VHN-145333

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-22226

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-818lwscope:eqversion:2.06

Trust: 1.0

vendor:d linkmodel:dir-818lw 2.06betab01scope: - version: -

Trust: 0.9

vendor:d linkmodel:dir-818lscope:eqversion:2.06betab01

Trust: 0.8

sources: CNVD: CNVD-2019-22226 // BID: 109131 // JVNDB: JVNDB-2019-006234 // NVD: CVE-2019-13482

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13482
value: HIGH

Trust: 1.0

NVD: CVE-2019-13482
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-22226
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-602
value: HIGH

Trust: 0.6

VULHUB: VHN-145333
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-13482
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2019-13482
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-22226
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-145333
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13482
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13482
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-22226 // VULHUB: VHN-145333 // JVNDB: JVNDB-2019-006234 // CNNVD: CNNVD-201907-602 // NVD: CVE-2019-13482

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-145333 // JVNDB: JVNDB-2019-006234 // NVD: CVE-2019-13482

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-602

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201907-602

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006234

PATCH
title:Top Pageurl:http://www.dlink.lt/en/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-006234

EXTERNAL IDS
db:NVDid:CVE-2019-13482
Trust: 3.4
db:BIDid:109131
Trust: 2.6
db:JVNDBid:JVNDB-2019-006234
Trust: 0.8
db:CNNVDid:CNNVD-201907-602
Trust: 0.7
db:CNVDid:CNVD-2019-22226
Trust: 0.6
db:VULHUBid:VHN-145333
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-22226 // 
            
            
            
            VULHUB: VHN-145333 // 
            
            
            
            BID: 109131 // 
            
            
            
            JVNDB: JVNDB-2019-006234 // 
            
            
            
            CNNVD: CNNVD-201907-602 // 
            
            
            
            NVD: CVE-2019-13482

REFERENCES
url:https://github.com/teamseri0us/pocs/blob/master/iot/dlink/dir818-4.pdf
Trust: 2.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-13482
Trust: 2.0
url:http://www.securityfocus.com/bid/109131
Trust: 1.7
url:http://www.dlink.com/
Trust: 0.9
url:https://github.com/teamseri0us/pocs/blob/master/iot/dlink/dir818-3.pdf
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13482
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-22226 // 
            
            
            
            VULHUB: VHN-145333 // 
            
            
            
            BID: 109131 // 
            
            
            
            JVNDB: JVNDB-2019-006234 // 
            
            
            
            CNNVD: CNNVD-201907-602 // 
            
            
            
            NVD: CVE-2019-13482

CREDITS
TeamSeri0us
Trust: 0.9
sources:
            
            
            BID: 109131 // 
            
            
            
            CNNVD: CNNVD-201907-602

SOURCES
db:CNVDid:CNVD-2019-22226
db:VULHUBid:VHN-145333
db:BIDid:109131
db:JVNDBid:JVNDB-2019-006234
db:CNNVDid:CNNVD-201907-602
db:NVDid:CVE-2019-13482

LAST UPDATE DATE
2024-11-23T22:25:53.998000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-22226date:2019-07-12T00:00:00
db:VULHUBid:VHN-145333date:2020-08-24T00:00:00
db:BIDid:109131date:2019-07-10T00:00:00
db:JVNDBid:JVNDB-2019-006234date:2019-07-17T00:00:00
db:CNNVDid:CNNVD-201907-602date:2020-10-28T00:00:00
db:NVDid:CVE-2019-13482date:2024-11-21T04:24:59.380

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-22226date:2019-07-12T00:00:00
db:VULHUBid:VHN-145333date:2019-07-10T00:00:00
db:BIDid:109131date:2019-07-10T00:00:00
db:JVNDBid:JVNDB-2019-006234date:2019-07-17T00:00:00
db:CNNVDid:CNNVD-201907-602date:2019-07-10T00:00:00
db:NVDid:CVE-2019-13482date:2019-07-10T20:15:12.543