CVE-2018-6530

CRITICAL KEV RANSOMWARE NUCLEI

D-Link DIR-860L/865L/868L/880L Firmware - OS Command Injection via SOAP.cgi Service Parameter

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-6530 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 8, 2022, with confirmed use in ransomware campaigns. A Nuclei detection template is also available.

Description

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.

Nuclei Templates (1)

D-Link - Unauthenticated Remote Code Execution
CRITICALby gy741

References (6)

Core 6
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto

Scores

CVSS v3 9.8
EPSS 0.9421
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2022-09-08
VulnCheck KEV 2022-09-06
InTheWild.io 2022-09-06
ENISA EUVD EUVD-2018-18282
Ransomware Use Confirmed
CWE
CWE-78
Status published
Products (4)
dlink/dir-860l_firmware < 1.10b04
dlink/dir-865l_firmware < 1.08b01
dlink/dir-868l_firmware < 1.12b04
dlink/dir-880l_firmware < 1.08b04
Published Mar 06, 2018
KEV Added Sep 08, 2022
Tracked Since Feb 18, 2026