← Back

CVE-2018-6530

nvd nistnuclei
Published: Mar 6, 2018Modified: Nov 7, 2025CISA KEV

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.

Affected (4)

Dlink
4 products
Dir 860l Firmware
Dir 865l Firmware
Dir 868l Firmware
Dir 880l Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dir 860l Firmware
Up to 1.10b04
Running on/withPlatform Versions
Dlink
Dir 860l
Version a1
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dir 865l Firmware
Up to 1.08b01
Running on/withPlatform Versions
Dlink
Dir 865l
Version a1
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dir 868l Firmware
Up to 1.12b04
Running on/withPlatform Versions
Dlink
Dir 868l
Version a1
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dir 880l Firmware
Up to 1.08b04
Running on/withPlatform Versions
Dlink
Dir 880l
Version a1

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (11)

ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf (unsafe URL)
Source: cve@mitre.org
Release NotesVendor Advisory
ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf (unsafe URL)
Source: cve@mitre.org
Release NotesVendor Advisory
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf (unsafe URL)
Source: cve@mitre.org
Release NotesVendor Advisory
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf (unsafe URL)
Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.