CVE-2018-6530

Name of the Vulnerable Software and Affected Versions: D-Link DIR-868L versions prior to DIR868LA1 FW112b04 D-Link DIR-865L versions prior to DIR-865L REVA FIRMWARE PATCH 1.08.B01 D-Link DIR-880L versions prior to DIR-880L REVA FIRMWARE PATCH 1.08B04 D-Link DIR-860L versions prior to DIR860LA1 FW110b04

Description: The issue is related to the soapcgi main function in the soap.cgi script (/htdocs/cgibin/soap.cgi) of D-Link router microsoftware, which fails to neutralize special elements used in an operating system command. This allows a remote attacker to execute arbitrary OS commands using the service parameter.

Recommendations: For D-Link DIR-868L versions prior to DIR868LA1 FW112b04, update to a version newer than DIR868LA1 FW112b04. For D-Link DIR-865L versions prior to DIR-865L REVA FIRMWARE PATCH 1.08.B01, update to a version newer than DIR-865L REVA FIRMWARE PATCH 1.08.B01. For D-Link DIR-880L versions prior to DIR-880L REVA FIRMWARE PATCH 1.08B04, update to a version newer than DIR-880L REVA FIRMWARE PATCH 1.08B04. For D-Link DIR-860L versions prior to DIR860LA1 FW110b04, update to a version newer than DIR860LA1 FW110b04. As a temporary workaround, consider restricting access to the vulnerable soap.cgi script until a patch is available. Avoid using the service parameter in the affected API endpoint until the issue is resolved.