PT-2019-13359 · D Link · D-Link Dir-818Lw

Published

2019-07-10

Updated

2021-04-23

CVE-2019-13481

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DIR-818LW version 2.06betab01

Description A command injection issue was discovered in the HNAP1 protocol, which is exploitable with authentication. This issue occurs via shell metacharacters in the MTU field when using the SetWanSettings function.

Recommendations For D-Link DIR-818LW version 2.06betab01, as a temporary workaround, consider restricting access to the HNAP1 protocol or disabling the SetWanSettings function until a patch is available. Avoid using shell metacharacters in the MTU field to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2019-13481

Affected Products

D-Link Dir-818Lw

PT-2019-13359 · D Link · D-Link Dir-818Lw

CVE-2019-13481

Weakness Enumeration

Related Identifiers

Affected Products

References · 4