The vulnerability of the SetAccessPointMode.php script in D-Link router microprogramming devices such as DIR-822 Rev.B, DIR-822 Rev.C, DIR-860L Rev.B, DIR-868L Rev.B, DIR-880L Rev.A, and DIR-890L Rev.A allows a hacker to execute arbitrary commands.

🗓️ 19 May 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

SetAccessPointMode.php flaw in D-Link routers enables arbitrary commands via a crafted message.

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the SetRouterSettings.php script in D-Link DIR-818LW Rev.A and DIR-822 B1 router microprogramming systems allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.	19 May 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the SetClientInfoDemo.php script in D-Link DIR-868L router software allows a hacker to execute any command they desire.	19 May 202300:00	–	bdu_fstec
CVE	CVE-2018-1998620	7 Jan 201900:00	–	cve
CVE	CVE-2018-19987	13 May 201913:23	–	cve
Cvelist	CVE-2018-19987	13 May 201913:23	–	cvelist
NVD	CVE-2018-19987	13 May 201914:29	–	nvd
OpenVAS	D-Link DIR-822 Multiple Vulnerabilities (2018 - 2024)	24 Jun 202500:00	–	openvas
OpenVAS	D-Link DIR-860L Multiple Vulnerabilities (2018 - 2025)	24 Jun 202500:00	–	openvas
Prion	Command injection	13 May 201914:29	–	prion
Positive Technologies	PT-2019-6341 · D Link · D-Link Dir-818Lw +1	7 Jan 201900:00	–	ptsecurity

Vulners

Node

d-link dir-818lwMatch2.05.b03

OR

d-link dir-860lMatch2.03.b03

OR

d-link dir-868lMatch2.05b02

OR

d-link dir-882Match202krb06

OR

d-link dir-882Match3.10b06

Source	Link
github	www.github.com/pr0v3rbs/CVE/tree/master/CVE-2018-1998620-2019990
safe-surf	www.safe-surf.ru/upload/VULN.20190520.3.pdf
web	www.web.nvd.nist.gov/view/vuln/detail

19 May 2023 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 39.8

CVSS 210

EPSS0.12932

D Link routers SetAccessPointMode vulnerability arbitrary command execution