CVE-2018-19989

In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth...

The vulnerability of the SetQoSSettings.php script in D-Link DIR-822 router software allows a hacker to execute arbitrary commands.

The vulnerability of the SetQoSSettings.php script in D-Link DIR-822 router microprogramming software is related to insufficient checking of regular expressions during the processing of the uplink parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2018-19989

CVE-2018-19989 affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 via the /HNAP1/SetQoSSettings uplink parameter. In SetQoSSettings.php the uplink value is saved to internal memory at /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth without any regex validation and later consumed by...

PT-2019-6335 · D Link · D-Link Dir-822

Name of the Vulnerable Software and Affected Versions: D-Link DIR-822 versions Rev.B 202KRb06 through Rev.C 3.10B06 Description: The issue is related to insufficient regular expression checking in the SetQoSSettings.php script of D-Link DIR-822 routers when handling the uplink parameter. This can...