WPSPIN Vulnerability in D-Link DIR-822 B1 Devices
CVE-2018-19990

9.8CRITICAL

Key Information:

Vendor: D-link
Status: Dir-822 Firmware
Vendor: CVE Published:; 13 May 2019

What is CVE-2018-19990?

In D-Link DIR-822 B1 devices, the WPSPIN parameter in the /HNAP1/SetWiFiVerifyAlpha message is exposed to vulnerabilities due to a lack of input validation. The parameter is stored in internal configuration memory without proper regex checks, exposing the system to potential command injection attacks. Specifically, the data can allow shell metacharacters in the WPSPIN element, which may be exploited through carefully crafted XML messages, potentially leading to unauthorized command execution and significant security breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-1998...

x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 13, 2019
Vulnerability Reserved
Dec 9, 2018

JSON

D-link

What is CVE-2018-19990?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.