PT-2019-6335 · D Link · D-Link Dir-822

Pr0V3Rbs · Published 2019-01-07 · Updated 2023-04-26 · CVE-2018-19989

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link DIR-822 versions Rev.B 202KRb06 through Rev.C 3.10B06

Description

The issue is related to insufficient regular expression checking in the SetQoSSettings.php script of D-Link DIR-822 routers when handling the uplink parameter. This can be exploited by a remote attacker to execute arbitrary commands. The vulnerability affects the /HNAP1/SetQoSSettings message, where the uplink parameter is saved in internal configuration memory without regex checking. The data is then used with the tc command in the bwc_tc_spq_start, bwc_tc_wfq_start, and bwc_tc_adb_start functions of the bwcsvcs.php source code, allowing for potential command execution. A vulnerable /HNAP1/SetQoSSettings XML message could contain shell metacharacters in the uplink element.

Recommendations

For D-Link DIR-822 Rev.B 202KRb06 and Rev.C 3.10B06 devices, consider disabling the SetQoSSettings.php script until a patch is available to prevent exploitation of the uplink parameter. Restrict access to the /HNAP1/SetQoSSettings API endpoint to minimize the risk of exploitation. Avoid using the uplink parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
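
Where access to /HNAP1/SetQoSSettings is mediated by a filtering proxy, the missing check on the uplink element can be applied before the request reaches the device. The following is an added example, not code from this advisory or from D-Link; the function names, the size cap, the assumption that a legitimate uplink value is a plain integer, and the sample messages are all constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

MAX_BODY = 64 * 1024                  # assumed cap on request size
UPLINK_OK = re.compile(r"[0-9]{1,9}")  # assumption: bandwidth is a plain integer


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1].lower()


def check_setqos_body(body: bytes):
    """Return (allowed, reason) for a SetQoSSettings request body."""
    if len(body) > MAX_BODY:
        return False, "body too large"
    if b"<!DOCTYPE" in body.upper():
        return False, "DOCTYPE not allowed"  # no entity tricks in SOAP bodies
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False, "malformed XML"
    for el in root.iter():
        if local_name(el.tag) != "uplink":
            continue
        # itertext() also collects text hidden in child elements.
        value = "".join(el.itertext())
        # fullmatch on the raw value: whitespace and newlines are rejected
        # too, since the value ends up on a tc command line.
        if not UPLINK_OK.fullmatch(value):
            return False, "uplink is not a plain integer"
    return True, "ok"


def sample(uplink: str) -> bytes:
    """Constructed SetQoSSettings message carrying the given uplink text."""
    return (
        '<?xml version="1.0" encoding="utf-8"?>'
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soap:Body><SetQoSSettings xmlns="http://purenetworks.com/HNAP1/">'
        f"<uplink>{uplink}</uplink>"
        "</SetQoSSettings></soap:Body></soap:Envelope>"
    ).encode()


if __name__ == "__main__":
    for text in ("2000", "2000;PLACEHOLDER", "2000\n"):
        print(repr(text), check_setqos_body(sample(text)))
```

Rejected requests are also worth logging, since a non-numeric uplink value has no legitimate use under the integer assumption above.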

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-02617
CVE-2018-19989

Affected Products

D-Link Dir-822