First published: Mon May 13 2019(Updated: )
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
=2.05.b03 | ||
Dlink Dir-818lw | ||
D-link Dir-822 Firmware | =202krb06 | |
Dlink Dir-822 Firmware | =3.10b06 | |
Dlink Dir-822 | ||
D-link Dir-860l Firmware | =2.03.b03 | |
Dlink Dir-860l | ||
D-link Dir-868l Firmware | =2.05b02 | |
Dlink Dir-868l | ||
D-link Dir-880l Firmware | =1.20b01_01_i3se-beta | |
Dlink Dir-880l | ||
D-link Dir-890l\/r Firmware | =1.21b02-beta | |
Dlink Dir-890l\/r |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-19987 is a vulnerability that affects D-Link DIR-822, DIR-860L, DIR-868L, DIR-880L, and DIR-890L devices.
CVE-2018-19987 affects D-Link DIR-822 Rev.B 202KRb06 firmware by mishandling the IsAccessPoint parameter in /HNAP1/SetAccessPointMode.
CVE-2018-19987 has a severity rating of 9.8 (Critical).
To fix CVE-2018-19987 on your D-Link DIR-822 Rev.C 3.10B06, you should update the firmware to the latest version provided by D-Link.
You can find more information about CVE-2018-19987 at the following link: [GitHub - pr0v3rbs/CVE](https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990)