PT-2019-6336 · D Link · D-Link Dir-822

Pr0V3Rbs · Published 2019-01-07 · Updated 2023-04-26 · CVE-2018-19990

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link DIR-822 B1 version 202KRb06

Description

The issue is caused by insufficient checking of arguments passed to a command when the SetWiFiVerifyAlpha.php script handles the WPSPIN parameter. This could allow a remote attacker to impact the integrity, availability, and confidentiality of protected information. The vulnerability is exploited through the /HNAP1/SetWiFiVerifyAlpha message, where the WPSPIN parameter can contain shell metacharacters, such as the telnetd string. On affected devices, the WPSPIN parameter is saved in internal configuration memory without regex checking and is later used with the wpatalk command, also without any regex checking.

Recommendations

For D-Link DIR-822 B1 version 202KRb06, as a temporary workaround, consider disabling the do_wps function in the wps.php source code until a patch is available. Restrict access to the /HNAP1/SetWiFiVerifyAlpha API endpoint to minimize the risk of exploitation. Avoid using the WPSPIN parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
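
The missing input check described above can be enforced by a filter placed in front of the /HNAP1/SetWiFiVerifyAlpha endpoint. The following is an added example, not D-Link code or part of the original advisory. It assumes the field carries a standard 8-digit WPS PIN with a checksum digit; the SOAP envelope, the namespace URL and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PIN_RE = re.compile(r"[0-9]{8}")  # used with fullmatch: exactly eight ASCII digits
MAX_BODY = 4096                   # assumed cap; a legitimate request is far smaller

def is_valid_wps_pin(value):
    """Allowlist check: eight ASCII digits whose WPS checksum digit is correct."""
    if not isinstance(value, str) or PIN_RE.fullmatch(value) is None:
        return False
    # WPS checksum: weights 3,1,3,1,3,1,3,1 over the digits must sum to 0 mod 10.
    total = sum(int(c) * (3 if i % 2 == 0 else 1) for i, c in enumerate(value))
    return total % 10 == 0

def check_hnap_body(body):
    """Return (allowed, reason) for a SetWiFiVerifyAlpha request body."""
    if len(body) > MAX_BODY:
        return False, "body too large"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False, "unparseable XML"
    # Match on the local element name so any namespace prefix is handled.
    pins = [el.text or "" for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "WPSPIN"]
    if len(pins) != 1:
        return False, "expected exactly one WPSPIN element"
    if not is_valid_wps_pin(pins[0]):
        return False, "WPSPIN is not an 8-digit checksummed PIN"
    return True, "ok"

# Constructed sample envelope (not captured traffic).
ENVELOPE = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    '<soap:Body><SetWiFiVerifyAlpha xmlns="http://purenetworks.com/HNAP1/">'
    '<WPSPIN>{pin}</WPSPIN></SetWiFiVerifyAlpha></soap:Body></soap:Envelope>'
)

if __name__ == "__main__":
    for pin in ("12345670", "12345678", "12345670;x"):  # constructed values
        print(repr(pin), check_hnap_body(ENVELOPE.format(pin=pin)))
```

Because the check is an allowlist on the whole value, anything other than digits is rejected without having to enumerate shell metacharacters.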

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-02618
CVE-2018-19990

Affected Products

D-Link Dir-822