Command Injection Vulnerability in D-Link DIR-818LW Devices
CVE-2019-13481

8.8HIGH

Key Information:

Vendor: D-Link
Status: Dir-818lw Firmware
Vendor: CVE Published:; 10 July 2019

Summary

A command injection vulnerability was found in D-Link DIR-818LW devices with specific firmware. By exploiting shell metacharacters in the MTU field during the SetWanSettings configuration, an attacker can generate arbitrary commands, which could compromise the device's integrity. Proper safeguards against such command injections are essential for maintaining network security and safeguarding against unauthorized access.

References

https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink...

x_refsource_MISC

http://www.securityfocus.com/bid/109131

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2019
Vulnerability Reserved
Jul 10, 2019