Remote Code Execution Vulnerability in D-Link Router Products
CVE-2018-10967

8.8HIGH

Key Information:

Vendor: D-link
Status: Dir-550a Firmware
Vendor: CVE Published:; 18 May 2018

What is CVE-2018-10967?

A security flaw exists in D-Link DIR-550A and DIR-604M routers through version 2.10KR, where an attacker can exploit HTTP request forgery to inject and execute malicious operating system commands. This vulnerability allows unauthenticated users to gain elevated privileges and manipulate the device's operations.

References

https://fortiguard.com/zeroday/FG-VD-18-060

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2018
Vulnerability Reserved
May 10, 2018

D-link

What is CVE-2018-10967?

References

CVSS V3.1

Timeline