PT-2019-6343 · D Link · Dir-868L

Pr0V3Rbs · Published 2019-01-07 · Updated 2023-04-26 · CVE-2018-19988

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link DIR-868L Rev.B version 2.05B02

Description

The issue arises from the lack of proper sanitization of special elements in the AudioMute and AudioEnable parameters within the /HNAP1/SetClientInfoDemo message. This allows for command injection when the SetClientInfoDemo.php script saves these parameters to the ShellPath script file without proper regex checking. An attacker can exploit this by crafting an XML message with single quotes and backquotes in the AudioMute or AudioEnable elements, such as the 'telnetd' string, to bypass the wget command option. This could enable a remote attacker to execute arbitrary commands.

Recommendations

For D-Link DIR-868L Rev.B version 2.05B02, as a temporary workaround, consider disabling the SetClientInfoDemo.php script until a patch is available. Restrict access to the /HNAP1/SetClientInfoDemo API endpoint to minimize the risk of exploitation. Avoid using the AudioMute and AudioEnable parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
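
The check below is an added example, not D-Link's code or code from this advisory: a filter that a reverse proxy or log review script could apply to /HNAP1/SetClientInfoDemo request bodies, flagging AudioMute and AudioEnable values that contain anything beyond plain alphanumerics. The envelope layout of the sample bodies, the allowed value pattern and the function name `inspect_body` are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Element names taken from the advisory text.
WATCHED = {"AudioMute", "AudioEnable"}
# Assumption: legitimate values are short alphanumeric flags (e.g. "1", "true").
SAFE_VALUE = re.compile(r"[A-Za-z0-9]{0,16}")

# Constructed sample bodies; the envelope layout is an assumption.
TEMPLATE = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    '<soap:Body><SetClientInfoDemo xmlns="http://purenetworks.com/HNAP1/">'
    "<AudioMute>{mute}</AudioMute><AudioEnable>{enable}</AudioEnable>"
    "</SetClientInfoDemo></soap:Body></soap:Envelope>"
)
BENIGN = TEMPLATE.format(mute="1", enable="0")
# Quote and backquote characters around a harmless placeholder word.
SUSPICIOUS = TEMPLATE.format(mute="'`placeholder`'", enable="0")


def inspect_body(body):
    """Return (element, reason) findings; an empty list means the body passes."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        # Fail closed: a body the filter cannot parse is not forwarded.
        return [("<request>", "unparseable XML")]
    findings = []
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix
        if name not in WATCHED:
            continue
        value = "".join(el.itertext()).strip()
        if SAFE_VALUE.fullmatch(value):
            continue
        # Report which characters fell outside the allowlist.
        bad = "".join(sorted(set(re.sub(r"[A-Za-z0-9]", "", value))))
        reason = f"disallowed characters {bad!r}" if bad else "value too long"
        findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, inspect_body(body))
```
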

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-02681
CVE-2018-19988

Affected Products

Dir-868L