CVE-2018-17787

2018-10-0218:00:00

mitre

www.cve.org

9.7 High

AI Score

Confidence

High

0.688 Medium

EPSS

Percentile

98.0%

JSON

On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the “system” library function.

References

xz.aliyun.com/t/2834