The vulnerability of the SetClientInfoDemo.php script in D-Link DIR-868L router software allows a hacker to execute any command they desire.

The vulnerability of the SetClientInfoDemo.php script in the D-Link DIR-868L router microprogramming software exists due to the failure to take measures to neutralize the special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute...

CVE-2018-19988

In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without...

CVE-2018-19988

In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without...

Command injection

In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without...

CVE-2018-19988

CVE-2018-19988 affects D-Link DIR-868L Rev.B 2.05B02. In /HNAP1/SetClientInfoDemo, AudioMute/AudioEnable are saved in the ShellPath script without regex validation, and after file execution a command-injection can occur. The vulnerability can be triggered by a crafted XML message containing singl...