Vulnerabilites related to dlink - dwr-912_firmware
Vulnerability from fkie_nvd
Published
2018-10-17 14:29
Modified
2024-11-21 03:42
Severity ?
Summary
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://sploit.tech/2018/10/12/D-Link.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2018/Oct/36 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sploit.tech/2018/10/12/D-Link.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Oct/36 | Exploit, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dwr-116_firmware | * | |
| dlink | dwr-116 | - | |
| dlink | dwr-512_firmware | * | |
| dlink | dwr-512 | - | |
| dlink | dwr-912_firmware | * | |
| dlink | dwr-921 | - | |
| dlink | dwr-111_firmware | * | |
| dlink | dwr-111 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B75F8993-E3DE-4E8E-A202-F65B73BCBE4B",
"versionEndIncluding": "1.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B307E277-9C31-4D69-B4E2-4FE28B2E2AE3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41CAC2C7-FAC8-48DA-B28E-8112209B8898",
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90DE6771-50FB-492D-B931-193BB9286B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-912_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37FEC076-CCD2-4153-9E49-50F6BE0E4F8E",
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43F0390E-B9E1-463A-A08C-B529778EE72F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16948147-16DB-4365-A4EC-3F5B4298B564",
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B810AA-0D3A-439F-8AD9-D42CB368343B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en dispositivos D-Link DWR-116 hasta la versi\u00f3n 1.06, DWR-512 hasta la versi\u00f3n 2.02, DWR-712 hasta la versi\u00f3n 2.02, DWR-912 hasta la versi\u00f3n 2.02, DWR-921 hasta la versi\u00f3n 2.02 y DWR-111 hasta la versi\u00f3n 1.01. Un atacante autenticado podr\u00eda ejecutar c\u00f3digo arbitrario inyectando el comando shell en el par\u00e1metro Sip de la p\u00e1gina chkisg.htm. Esto permite el control total de las partes internas del dispositivo."
}
],
"id": "CVE-2018-10823",
"lastModified": "2024-11-21T03:42:05.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-17T14:29:00.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://sploit.tech/2018/10/12/D-Link.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://sploit.tech/2018/10/12/D-Link.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-17 14:29
Modified
2024-11-21 03:42
Severity ?
Summary
Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://sploit.tech/2018/10/12/D-Link.html | Exploit | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2018/Oct/36 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sploit.tech/2018/10/12/D-Link.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Oct/36 | Exploit, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dwr-116_firmware | * | |
| dlink | dwr-116 | - | |
| dlink | dir-140l_firmware | * | |
| dlink | dir-140l | - | |
| dlink | dir-640l_firmware | * | |
| dlink | dir-640l | - | |
| dlink | dwr-512_firmware | * | |
| dlink | dwr-512 | - | |
| dlink | dwr-712_firmware | * | |
| dlink | dwr-712 | - | |
| dlink | dwr-912_firmware | * | |
| dlink | dwr-921 | - | |
| dlink | dwr-921_firmware | * | |
| dlink | dwr-921 | - | |
| dlink | dwr-111_firmware | * | |
| dlink | dwr-111 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B75F8993-E3DE-4E8E-A202-F65B73BCBE4B",
"versionEndIncluding": "1.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B307E277-9C31-4D69-B4E2-4FE28B2E2AE3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-140l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18157B-E01A-436D-BE12-67F98EED68E3",
"versionEndIncluding": "1.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-140l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB31E266-B075-42EA-891D-B4EB8E800091",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-640l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5749C6C-2149-4BE0-971D-B01897BEC22D",
"versionEndIncluding": "1.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-640l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "420C6BC9-082D-47D7-9612-553B3B8EEBBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41CAC2C7-FAC8-48DA-B28E-8112209B8898",
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90DE6771-50FB-492D-B931-193BB9286B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-712_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB35A612-8DBD-46BD-80C5-4CA982D414C6",
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-712:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F45AFE88-4369-4CD5-BFC0-69AF3DF0A77A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-912_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37FEC076-CCD2-4153-9E49-50F6BE0E4F8E",
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43F0390E-B9E1-463A-A08C-B529778EE72F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98B01219-1B35-45CF-AD67-53E59C5A2C99",
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43F0390E-B9E1-463A-A08C-B529778EE72F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16948147-16DB-4365-A4EC-3F5B4298B564",
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B810AA-0D3A-439F-8AD9-D42CB368343B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la interfaz web en dispositivos D-Link DWR-116 hasta la versi\u00f3n 1.06, DIR-140L hasta la versi\u00f3n 1.02, DIR-640L hasta la versi\u00f3n 1.02, DWR-512 hasta la versi\u00f3n 2.02, DWR-712 hasta la versi\u00f3n 2.02, DWR-912 hasta la versi\u00f3n 2.02, DWR-921 hasta la versi\u00f3n 2.02 y DWR-111 hasta la versi\u00f3n 1.01 permite que atacantes remotos lean archivos arbitrarios mediante /.. o // tras \"GET /uir\" en una petici\u00f3n HTTP. NOTA: Esta vulnerabilidad existe debido a una soluci\u00f3n incorrecta para CVE-2017-6190."
}
],
"id": "CVE-2018-10822",
"lastModified": "2024-11-21T03:42:05.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-17T14:29:00.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://sploit.tech/2018/10/12/D-Link.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://sploit.tech/2018/10/12/D-Link.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-17 14:29
Modified
2024-11-21 03:42
Severity ?
Summary
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://sploit.tech/2018/10/12/D-Link.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2018/Oct/36 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sploit.tech/2018/10/12/D-Link.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Oct/36 | Exploit, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dwr-116_firmware | * | |
| dlink | dwr-116 | - | |
| dlink | dir-140l_firmware | * | |
| dlink | dir-140l | - | |
| dlink | dir-640l_firmware | * | |
| dlink | dir-640l | - | |
| dlink | dwr-512_firmware | * | |
| dlink | dwr-512 | - | |
| dlink | dwr-712_firmware | * | |
| dlink | dwr-712 | - | |
| dlink | dwr-912_firmware | * | |
| dlink | dwr-921 | - | |
| dlink | dwr-921_firmware | * | |
| dlink | dwr-921 | - | |
| dlink | dwr-111_firmware | * | |
| dlink | dwr-111 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B75F8993-E3DE-4E8E-A202-F65B73BCBE4B",
"versionEndIncluding": "1.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B307E277-9C31-4D69-B4E2-4FE28B2E2AE3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-140l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18157B-E01A-436D-BE12-67F98EED68E3",
"versionEndIncluding": "1.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-140l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB31E266-B075-42EA-891D-B4EB8E800091",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-640l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5749C6C-2149-4BE0-971D-B01897BEC22D",
"versionEndIncluding": "1.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-640l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "420C6BC9-082D-47D7-9612-553B3B8EEBBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-512_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41CAC2C7-FAC8-48DA-B28E-8112209B8898",
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-512:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90DE6771-50FB-492D-B931-193BB9286B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-712_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB35A612-8DBD-46BD-80C5-4CA982D414C6",
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-712:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F45AFE88-4369-4CD5-BFC0-69AF3DF0A77A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-912_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37FEC076-CCD2-4153-9E49-50F6BE0E4F8E",
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43F0390E-B9E1-463A-A08C-B529778EE72F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98B01219-1B35-45CF-AD67-53E59C5A2C99",
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43F0390E-B9E1-463A-A08C-B529778EE72F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16948147-16DB-4365-A4EC-3F5B4298B564",
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B810AA-0D3A-439F-8AD9-D42CB368343B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en dispositivos D-Link DWR-116 hasta la versi\u00f3n 1.06, DIR-140L hasta la versi\u00f3n 1.02, DWR-512 hasta la versi\u00f3n 2.02, DWR-712 hasta la versi\u00f3n 2.02, DWR-912 hasta la versi\u00f3n 2.02, DWR-921 hasta la versi\u00f3n 2.02 y DWR-111 hasta la versi\u00f3n 1.01. La contrase\u00f1a administrativa se almacena en texto plano en el archivo /tmp/csman/0. Un atacante que tenga un salto de directorio (o LFI) puede obtener f\u00e1cilmente el acceso total al router."
}
],
"id": "CVE-2018-10824",
"lastModified": "2024-11-21T03:42:05.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-17T14:29:00.930",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://sploit.tech/2018/10/12/D-Link.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://sploit.tech/2018/10/12/D-Link.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2018-10824
Vulnerability from cvelistv5
Published
2018-10-17 14:00
Modified
2024-08-05 07:46
Severity ?
EPSS score ?
Summary
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://seclists.org/fulldisclosure/2018/Oct/36 | mailing-list, x_refsource_FULLDISC | |
| http://sploit.tech/2018/10/12/D-Link.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181012 Multiple vulnerabilities in D-Link routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sploit.tech/2018/10/12/D-Link.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20181012 Multiple vulnerabilities in D-Link routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sploit.tech/2018/10/12/D-Link.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181012 Multiple vulnerabilities in D-Link routers",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
},
{
"name": "http://sploit.tech/2018/10/12/D-Link.html",
"refsource": "MISC",
"url": "http://sploit.tech/2018/10/12/D-Link.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10824",
"datePublished": "2018-10-17T14:00:00",
"dateReserved": "2018-05-08T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10823
Vulnerability from cvelistv5
Published
2018-10-17 14:00
Modified
2024-08-05 07:46
Severity ?
EPSS score ?
Summary
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
References
| ▼ | URL | Tags |
|---|---|---|
| https://seclists.org/fulldisclosure/2018/Oct/36 | mailing-list, x_refsource_FULLDISC | |
| http://sploit.tech/2018/10/12/D-Link.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181012 Multiple vulnerabilities in D-Link routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sploit.tech/2018/10/12/D-Link.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20181012 Multiple vulnerabilities in D-Link routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sploit.tech/2018/10/12/D-Link.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181012 Multiple vulnerabilities in D-Link routers",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
},
{
"name": "http://sploit.tech/2018/10/12/D-Link.html",
"refsource": "MISC",
"url": "http://sploit.tech/2018/10/12/D-Link.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10823",
"datePublished": "2018-10-17T14:00:00",
"dateReserved": "2018-05-08T00:00:00",
"dateUpdated": "2024-08-05T07:46:47.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10822
Vulnerability from cvelistv5
Published
2018-10-17 14:00
Modified
2024-08-05 07:46
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.
References
| ▼ | URL | Tags |
|---|---|---|
| https://seclists.org/fulldisclosure/2018/Oct/36 | mailing-list, x_refsource_FULLDISC | |
| http://sploit.tech/2018/10/12/D-Link.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181012 Multiple vulnerabilities in D-Link routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sploit.tech/2018/10/12/D-Link.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20181012 Multiple vulnerabilities in D-Link routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sploit.tech/2018/10/12/D-Link.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181012 Multiple vulnerabilities in D-Link routers",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/36"
},
{
"name": "http://sploit.tech/2018/10/12/D-Link.html",
"refsource": "MISC",
"url": "http://sploit.tech/2018/10/12/D-Link.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10822",
"datePublished": "2018-10-17T14:00:00",
"dateReserved": "2018-05-08T00:00:00",
"dateUpdated": "2024-08-05T07:46:47.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}