CVE-2019-12786

Name of the Vulnerable Software and Affected Versions D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA

Description The issue is related to a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key. This is due to the lack of input data sanitization measures, which can allow a remote attacker to execute arbitrary commands.

Recommendations For D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA, consider restricting access to the HNAP1 SetWanSettings until a patch is available. As a temporary workaround, avoid using the IPAddress key in the affected XML injection to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.