CVE-2018-6211

HIGH

D-Link DIR-620 Firmware <=2.0.22 - OS Command Injection via index.cgi

Title source: llm

Description

On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.

Scores

CVSS v3 7.2
EPSS 0.0577
EPSS Percentile 92.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-78
Status published
Products (7)
d-link/dir-620_firmware 1.0.3
d-link/dir-620_firmware 1.0.37
d-link/dir-620_firmware 1.3.1
d-link/dir-620_firmware 1.3.3
d-link/dir-620_firmware 1.3.7
d-link/dir-620_firmware 1.4.0
d-link/dir-620_firmware 2.0.22
Published Jun 20, 2018
Tracked Since Feb 18, 2026