CVE-2018-10967

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
d-linkdir-550a_firmware
𝑥
≤ 2.10kr
d-linkdir-604m_firmware
𝑥
≤ 2.10kr
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.com/zeroday/FG-VD-18-060
https://fortiguard.com/zeroday/FG-VD-18-060