CVE-2018-19986

Name of the Vulnerable Software and Affected Versions D-Link DIR-818LW Rev.A version 2.05.B03 D-Link DIR-822 B1 version 202KRb06

Description The issue affects the /HNAP1/SetRouterSettings message, where the RemotePort parameter is vulnerable. This vulnerability can be exploited by sending a specially crafted XML message with shell metacharacters in the RemotePort element, such as the telnetd string. The lack of regex checking in the SetRouterSettings.php source code and the IPTWAN build command function of the iptwan.php source code allows the exploitation of this issue. Successful exploitation can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For D-Link DIR-818LW Rev.A version 2.05.B03, consider disabling the RemotePort parameter in the /HNAP1/SetRouterSettings message until a patch is available. For D-Link DIR-822 B1 version 202KRb06, restrict access to the IPTWAN build command function in the iptwan.php source code to minimize the risk of exploitation. Avoid using the RemotePort parameter in the affected API endpoint until the issue is resolved.