CVE-2018-20674

D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
dlinkdir-822_firmware
𝑥
≤ 3.10b06
dlinkdir-822-us_firmware
𝑥
≤ 3.10b06
dlinkdir-850l_firmware
𝑥
≤ 1.21b07
dlinkdir-850l_firmware
𝑥
≤ 2.21b01
dlinkdir-850l_firmware
2.22b02:b02
dlinkdir-880l_firmware
𝑥
≤ 1.07.b08
dlinkdir-880l_firmware
1.20b01:b01
𝑥
= Vulnerable software versions
References
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101