CVE-2018-6530

CRITICAL KEV RANSOMWARE NUCLEI

Dlink Dir-860l Firmware < 1.10b04 - OS Command Injection

Title source: rule

Description

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.

Nuclei Templates (1)

D-Link - Unauthenticated Remote Code Execution

CRITICALby gy741

References (6)

[Release Notes, Vendor Advisory] ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf

[Release Notes, Vendor Advisory] ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf

[Release Notes, Vendor Advisory] ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf

[Release Notes, Vendor Advisory] ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf

[Exploit, Third Party Advisory] https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6530

Scores

CVSS v3 9.8

EPSS 0.9429

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-09-08

VulnCheck KEV 2022-09-06

InTheWild.io 2022-09-06

ENISA EUVD EUVD-2018-18282

Ransomware Use Confirmed

CWE

CWE-78

Status published

Products (4)

dlink/dir-860l_firmware < 1.10b04

dlink/dir-865l_firmware < 1.08b01

dlink/dir-868l_firmware < 1.12b04

dlink/dir-880l_firmware < 1.08b04

Published Mar 06, 2018

KEV Added Sep 08, 2022

Tracked Since Feb 18, 2026