CVE-2018-10822: Path Traversal
First published: Wed Oct 17 2018(Updated: )
Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DWR-116 Firmware | <=1.06 | |
| D-Link DWR-116 | ||
| D-Link DIR-140L Firmware | <=1.02 | |
| D-Link DIR-140L | ||
| D-Link DIR-640L Firmware | <=1.02 | |
| D-Link DIR-640L | ||
| D-Link DWR-512 Firmware | <=2.02 | |
| D-Link DWR-512 | ||
| D-Link DWR-712 firmware | <=2.02 | |
| D-Link DWR-712 firmware | ||
| D-Link DWR-912 Firmware | <=2.02 | |
| D-Link DWR-921 Firmware | ||
| D-Link DWR-921 Firmware | <=2.02 | |
| D-Link DWR-921 | ||
| D-Link DWR-111 Firmware | <=1.01 | |
| dlink DWR-111 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-10822?
CVE-2018-10822 is rated as a medium severity vulnerability, allowing unauthorized file access.
How do I fix CVE-2018-10822?
To mitigate CVE-2018-10822, upgrade the affected D-Link devices to the latest firmware versions provided by D-Link.
What devices are affected by CVE-2018-10822?
CVE-2018-10822 affects several D-Link devices including DWR-116, DIR-140L, DIR-640L, DWR-512, DWR-712, DWR-912, DWR-921, and DWR-111 running specific firmware versions.
What type of attack does CVE-2018-10822 facilitate?
CVE-2018-10822 facilitates a directory traversal attack, which allows remote attackers to access arbitrary files on the impacted devices.
Is a workaround available for CVE-2018-10822?
There is no known workaround for CVE-2018-10822, therefore it's crucial to update the firmware to remediate the vulnerability.
- agent/references
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/dlink
- canonical/d-link dwr-116 firmware
- version/d-link dwr-116 firmware/1.06
- canonical/d-link dwr-116
- canonical/d-link dir-140l firmware
- version/d-link dir-140l firmware/1.02
- canonical/d-link dir-140l
- canonical/d-link dir-640l firmware
- version/d-link dir-640l firmware/1.02
- canonical/d-link dir-640l
- canonical/d-link dwr-512 firmware
- version/d-link dwr-512 firmware/2.02
- canonical/d-link dwr-512
- canonical/d-link dwr-712 firmware
- version/d-link dwr-712 firmware/2.02
- canonical/d-link dwr-912 firmware
- version/d-link dwr-912 firmware/2.02
- vendor/d-link
- canonical/d-link dwr-921 firmware
- version/d-link dwr-921 firmware/2.02
- canonical/d-link dwr-921
- canonical/d-link dwr-111 firmware
- version/d-link dwr-111 firmware/1.01
- canonical/dlink dwr-111 firmware