PT-2019-13359 · D Link · D-Link Dir-818Lw

Publicado

2019-07-10

Atualizado

2021-04-23

CVE-2019-13481

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DIR-818LW version 2.06betab01

Description A command injection issue was discovered in the HNAP1 protocol, which is exploitable with authentication. This issue occurs via shell metacharacters in the MTU field when using the SetWanSettings function.

Recommendations For D-Link DIR-818LW version 2.06betab01, as a temporary workaround, consider restricting access to the HNAP1 protocol or disabling the SetWanSettings function until a patch is available. Avoid using shell metacharacters in the MTU field to minimize the risk of exploitation.

Exploit

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2019-13481

Produtos afetados

D-Link Dir-818Lw

PT-2019-13359 · D Link · D-Link Dir-818Lw

CVE-2019-13481

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4