CVE-2018-19300

EUVD-2018-11000

11.04.2019, 16:29

On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Affected Products (NVD)

Vendor	Product	Version
d-link	dap-1530_firmware	𝑥 ≤ 1.05
d-link	dap-1610_firmware	𝑥 ≤ 1.05
dlink	dwr-111_firmware	𝑥 ≤ 1.01
d-link	dwr-116_firmware	1.06:b1
d-link	dwr-116_firmware	1.06:b2
dlink	dwr-116_firmware	𝑥 ≤ 1.05
dlink	dwr-512_firmware	𝑥 ≤ 2.02
d-link	dwr-711_firmware	𝑥 ≤ 1.11
dlink	dwr-712_firmware	𝑥 ≤ 2.02
dlink	dwr-921_firmware	𝑥 ≤ 1.02
dlink	dwr-921_firmware	𝑥 ≤ 2.02

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://community.greenbone.net/t/cve-2018-19300-remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers/1772

https://eu.dlink.com/de/de/support/support-news/2019/march/19/remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers

https://www.greenbone.net/en/serious-vulnerability-discovered-in-d-link-routers/

https://www.greenbone.net/schwerwiegende-sicherheitsluecke-in-d-link-routern-entdeckt/

https://community.greenbone.net/t/cve-2018-19300-remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers/1772

https://eu.dlink.com/de/de/support/support-news/2019/march/19/remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers

https://www.greenbone.net/en/serious-vulnerability-discovered-in-d-link-routers/

https://www.greenbone.net/schwerwiegende-sicherheitsluecke-in-d-link-routern-entdeckt/