PT-2018-2565 · D Link · Dir-822+3

Henry Huang

·

Published

2018-11-01

·

Updated

2019-10-03

·

CVE-2018-20674

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions D-Link DIR-822 C1 versions prior to v3.11B01Beta D-Link DIR-822-US C1 versions prior to v3.11B01Beta D-Link DIR-850L A* versions prior to v1.21B08Beta D-Link DIR-850L B* versions prior to v2.22B03Beta D-Link DIR-880L A* versions prior to v1.20B02Beta
Description The issue is related to the lack of input data sanitization in the firmware of D-Link routers. This allows an authenticated remote attacker to execute arbitrary commands.
Recommendations For D-Link DIR-822 C1 versions prior to v3.11B01Beta, update to v3.11B01Beta or later. For D-Link DIR-822-US C1 versions prior to v3.11B01Beta, update to v3.11B01Beta or later. For D-Link DIR-850L A* versions prior to v1.21B08Beta, update to v1.21B08Beta or later. For D-Link DIR-850L B* versions prior to v2.22B03Beta, update to v2.22B03Beta or later. For D-Link DIR-880L A* versions prior to v1.20B02Beta, update to v1.20B02Beta or later.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2019-00987
CVE-2018-20674

Affected Products

Dir-822
Dir-822-Us
Dir-850L
Dir-880L