CVE-2018-19987

🗓️ 13 May 2019 13:23:33Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 72 Views🌐 WEB

D-Link devices vulnerable to command injection via IsAccessPoint parameter mishandling.

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of the SetAccessPointMode.php script in D-Link router microprogramming devices such as DIR-822 Rev.B, DIR-822 Rev.C, DIR-860L Rev.B, DIR-868L Rev.B, DIR-880L Rev.A, and DIR-890L Rev.A allows a hacker to execute arbitrary commands.	19 May 202300:00	–	bdu_fstec
Cvelist	CVE-2018-19987	13 May 201913:23	–	cvelist
NVD	CVE-2018-19987	13 May 201914:29	–	nvd
OpenVAS	D-Link DIR-822 Multiple Vulnerabilities (2018 - 2024)	24 Jun 202500:00	–	openvas
OpenVAS	D-Link DIR-860L Multiple Vulnerabilities (2018 - 2025)	24 Jun 202500:00	–	openvas
OSV	CVE-2018-19987	13 May 201914:29	–	osv
Prion	Command injection	13 May 201914:29	–	prion
Positive Technologies	PT-2019-6342 · D Link · Dir-860L +4	7 Jan 201900:00	–	ptsecurity
RedhatCVE	CVE-2018-19987	9 Jan 202612:01	–	redhatcve

NVD

Node

AND

Node

AND

Node

AND

Node

AND

Node

d-link dir-880l_firmwareMatch1.20b01_01_i3sebeta

AND

Node

AND

Source	Link
github	www.github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990

Parameter	Position	Path	Description	CWE
IsAccessPoint	request body	HNAP1/SetAccessPointMode	Command injection via unsafely saved IsAccessPoint parameter in SetAccessPointMode allowing shell metacharacter execution.	CWE-78

17 Jun 2026 01:50Current

9.7High risk

Vulners AI Score9.7

CVSS 39.8

CVSS 210

EPSS0.12932