CVE-2018-19987

CRITICAL

D-Link DIR-818LW/822/860L/868L/880L/890L - OS Command Injection via HNAP1 SetAccessPointMode

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-19987. PoCs published by nahueldsanchez.

AI-analyzed exploit summary This repository contains a detailed analysis of CVE-2018-19987, a command injection vulnerability in D-Link DIR-822 routers. The writeup explains the root cause, firmware extraction, and HNAP request handling but does not include exploit code.

Description

D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.

Exploits (1)

nomisec WRITEUP 2 stars

by nahueldsanchez · poc

https://github.com/nahueldsanchez/blogpost_cve-2018-19987-analysis

View Code ZIP pw:eip

This repository contains a detailed analysis of CVE-2018-19987, a command injection vulnerability in D-Link DIR-822 routers. The writeup explains the root cause, firmware extraction, and HNAP request handling but does not include exploit code.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: D-Link DIR-822-US (Firmware v3.01B02)

Auth required

Prerequisites: Access to vulnerable D-Link router · Authentication credentials

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1200 - Hardware Additions

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990

View Exploit ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.1293

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (7)

d-link/dir-818lw_firmware 2.05.b03

d-link/dir-822_firmware 202krb06

d-link/dir-860l_firmware 2.03.b03

d-link/dir-868l_firmware 2.05b02

d-link/dir-880l_firmware 1.20b01_01_i3se beta

d-link/dir-890l\/r_firmware 1.21b02 beta

dlink/dir-822_firmware 3.10b06

Published May 13, 2019

Tracked Since Feb 18, 2026