CVE-2018-6530: D-Link Multiple Routers OS Command Injection Vulnerability
First published: Tue Mar 06 2018(Updated: )
Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-link Dir-860l Firmware | <=a1_fw110b04 | |
| Dlink Dir-860l | ||
| Dlink Dir-865l Firmware | <=reva_firmware_patch_1.08.b01 | |
| Dlink Dir-865l | ||
| Dlink Dir-868l Firmware | <=a1_fw112b04 | |
| Dlink Dir-868l | ||
| D-link Dir-880l Firmware | <=reva_firmware_patch_1.08b04 | |
| Dlink Dir-880l | ||
| Dlink Dir-860l Firmware | <=a1_fw110b04 | |
| Dlink Dir-880l Firmware | <=reva_firmware_patch_1.08b04 | |
| D-Link Multiple Routers | ||
| All of | ||
| Dlink Dir-860l Firmware | <=a1_fw110b04 | |
| Dlink Dir-860l | ||
| All of | ||
| Dlink Dir-865l Firmware | <=reva_firmware_patch_1.08.b01 | |
| Dlink Dir-865l | ||
| All of | ||
| Dlink Dir-868l Firmware | <=a1_fw112b04 | |
| Dlink Dir-868l | ||
| All of | ||
| Dlink Dir-880l Firmware | <=reva_firmware_patch_1.08b04 | |
| Dlink Dir-880l |
Remedy
The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-6530?
CVE-2018-6530 is a critical OS command injection vulnerability in multiple D-Link routers.
Which D-Link routers are affected by CVE-2018-6530?
CVE-2018-6530 affects D-Link DIR-880L, DIR-868L, DIR-865L, and DIR-860L routers.
What is the severity of CVE-2018-6530?
CVE-2018-6530 has a severity rating of 9.8 (critical).
How can I fix CVE-2018-6530?
To fix CVE-2018-6530, you should apply the latest firmware updates provided by D-Link.
Where can I find more information about CVE-2018-6530?
You can find more information about CVE-2018-6530 on the D-Link support announcement and GitHub repository links provided in the references.
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- agent/weakness
- agent/softwarecombine
- agent/title
- agent/remedy
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/event
- agent/tags
- collector/nvd-cve
- source/NVD
- vendor/d-link
- canonical/d-link dir-860l firmware
- version/d-link dir-860l firmware/a1_fw110b04
- vendor/dlink
- canonical/dlink dir-860l
- canonical/dlink dir-865l firmware
- version/dlink dir-865l firmware/reva_firmware_patch_1.08.b01
- canonical/dlink dir-865l
- canonical/dlink dir-868l firmware
- version/dlink dir-868l firmware/a1_fw112b04
- canonical/dlink dir-868l
- canonical/d-link dir-880l firmware
- version/d-link dir-880l firmware/reva_firmware_patch_1.08b04
- canonical/dlink dir-880l
- canonical/dlink dir-860l firmware
- version/dlink dir-860l firmware/a1_fw110b04
- canonical/dlink dir-880l firmware
- version/dlink dir-880l firmware/reva_firmware_patch_1.08b04
- canonical/d-link multiple routers