Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Dir-818lw firmware'
2019-05-13
CVE-2018-19987
CWE-78
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.
CVE-2018-19986
CWE-78
In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string.
>>>
Vendor:
D-link
231
Products
Tftp server
Dl-704
Dwl-1000ap
Dp-303
Di-804
Dwl-900ap+
Di-614+
Di-624
Di-704p
Di-604
Dcs-900 internet camera
Dsl-502t
Dsl-504t
Dsl-562t
Dsl-g604t
Di-524
Di-784
Dwl-g700ap
Dsa-3100 airspot gateway
Dwl-2100ap
Di-604 broadband router
Ebr-2310 ethernet broadband router
Wbr-1310 wireless g router
Wbr-2310 rangebooster g router
Dsl-g624t
Dwl-g132
Dwl-2000ap+
Dph-540
Dph-541
Dir-100
Mpeg4 shm audio control
Dir-400
Dkvm-ip8
Dir-300
Camera stream client activex control
Dcs-5605 ptz ip network camera
Dsl-2730u
Dcs-932l camera
Dcs-932l camera firmware
Di-524up
Di-604+
Di-604s
Di-604up
Di-624s
Dir-120
Tm-g5240
Dsr-1000
Dsr-1000n
Dsr-150
Dsr-150n
Dsr-250
Dsr-500
Dsr-500n
Dsr-1000 firmware
Dsr-1000n firmware
Dsr-150 firmware
Dsr-150n firmware
Dsr-250 firmware
Dsr-250n firmware
Dsr-500 firmware
Dsr-500n firmware
Dsl-2640r
Dsl-2641r
Dap 2253
Dap 2253 firmware
Dir-505l shareport mobile companion
Dir-826l wireless n600 cloud router
Dir-505l shareport mobile companion firmware
Dir-826l wireless n600 cloud router firmware
Dap 1150
Dap 1150 firmware
Dap-1350
Dap-1350 firmware
Dir505 shareport mobile companion
Dsp-w215
Dir505 shareport mobile companion firmware
Dir505l shareport mobile companion firmware
Dsp-w215 firmware
Dir-601
Dir-601 firmware
Dsl-2760u-e1
Dir-645
Dir-645 firmware
Dsl2740u
Dsl2750u
Dcs-2103 hd cube network camera
Dcs-2103 hd cube network camera firmware
Dir-655
Dir-655 firmware
Dir-60
Dir-600 firmware
Dap-1360 firmware
Dsl-2730b firmware
Dcs-931l firmware
Dap-1320 firmware
Dcs-932l
Dcs-932l firmware
Dir-600l
Dir-605l
Dir-619l
See all Products for Vendor
D-link
Copyright
2024
, cxsecurity.com
Back to Top