CVE-2018-19987

CRITICAL

D-Link DIR-* - Command Injection

Title source: llm

Description

D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.

Exploits (1)

nomisec WRITEUP 2 stars

by nahueldsanchez · poc

https://github.com/nahueldsanchez/blogpost_cve-2018-19987-analysis

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990

Scores

CVSS v3 9.8

EPSS 0.8183

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (7)

d-link/dir-818lw_firmware 2.05.b03

d-link/dir-822_firmware 202krb06

d-link/dir-860l_firmware 2.03.b03

d-link/dir-868l_firmware 2.05b02

d-link/dir-880l_firmware 1.20b01_01_i3se beta

d-link/dir-890l\/r_firmware 1.21b02 beta

dlink/dir-822_firmware 3.10b06

Published May 13, 2019

Tracked Since Feb 18, 2026