CVE-2018-19300

11.04.2019, 16:29

On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
d-link	dap-1530_firmware	𝑥 ≤ 1.05
d-link	dap-1610_firmware	𝑥 ≤ 1.05
dlink	dwr-111_firmware	𝑥 ≤ 1.01
d-link	dwr-116_firmware	1.06:b1
d-link	dwr-116_firmware	1.06:b2
dlink	dwr-116_firmware	𝑥 ≤ 1.05
dlink	dwr-512_firmware	𝑥 ≤ 2.02
d-link	dwr-711_firmware	𝑥 ≤ 1.11
dlink	dwr-712_firmware	𝑥 ≤ 2.02
dlink	dwr-921_firmware	𝑥 ≤ 1.02
dlink	dwr-921_firmware	𝑥 ≤ 2.02

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://community.greenbone.net/t/cve-2018-19300-remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers/1772

https://eu.dlink.com/de/de/support/support-news/2019/march/19/remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers

https://www.greenbone.net/en/serious-vulnerability-discovered-in-d-link-routers/

https://www.greenbone.net/schwerwiegende-sicherheitsluecke-in-d-link-routern-entdeckt/

https://community.greenbone.net/t/cve-2018-19300-remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers/1772

https://eu.dlink.com/de/de/support/support-news/2019/march/19/remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers

https://www.greenbone.net/en/serious-vulnerability-discovered-in-d-link-routers/

https://www.greenbone.net/schwerwiegende-sicherheitsluecke-in-d-link-routern-entdeckt/