PT-2018-3918 · D Link · D-Link Dir-550A+1
Published
2018-05-08
·
Updated
2023-04-26
·
CVE-2018-10967
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-550A versions through v2.10KR
D-Link DIR-604M versions through v2.10KR
Description
The issue allows a malicious user to forge an HTTP request and inject operating system commands that can be executed on the device with higher privileges, resulting in remote code execution. This is due to the lack of measures to neutralize special elements used in the operating system command.
Recommendations
For D-Link DIR-550A versions through v2.10KR, update to a version later than v2.10KR to resolve the issue.
For D-Link DIR-604M versions through v2.10KR, update to a version later than v2.10KR to resolve the issue.
As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dir-550A
D-Link Di-604