← Back

CVE-2018-19300

nvd nist
Published: Apr 11, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well.

Affected (11)

D Link
4 products
Dap 1530 Firmware
Dap 1610 Firmware
Dwr 116 Firmware
Dwr 711 Firmware
Dlink
5 products
Dwr 111 Firmware
Dwr 116 Firmware
Dwr 512 Firmware
Dwr 712 Firmware
Dwr 921 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dap 1530 Firmware
Up to 1.05
Running on/withPlatform Versions
Dlink
Dap 1530
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dap 1610 Firmware
Up to 1.05
Running on/withPlatform Versions
Dlink
Dap 1610
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dwr 111 Firmware
Up to 1.01
Running on/withPlatform Versions
Dlink
Dwr 111
All versions
Configuration D
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D Link
Dwr 116 Firmware
Version 1.06 b1
Dwr 116 Firmware
Version 1.06 b2
Dwr 116 Firmware
Up to 1.05
Running on/withPlatform Versions
Dlink
Dwr 116
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dwr 512 Firmware
Up to 2.02
Running on/withPlatform Versions
Dlink
Dwr 512
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dwr 711 Firmware
Up to 1.11
Running on/withPlatform Versions
Dlink
Dwr 711
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dwr 712 Firmware
Up to 2.02
Running on/withPlatform Versions
Dlink
Dwr 712
All versions
Configuration H
1 vulnerable
Vulnerable SoftwareAffected Versions
Dwr 921 Firmware
Up to 1.02
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dwr 921 Firmware
Up to 2.02
Running on/withPlatform Versions
Dlink
Dwr 921
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.